Hello,
I am experiencing way more mobile data traffic on my RUT 550 router than expected. I have about 60 RPI devices connected to it. It looks like the traffic increased from about 10K a day to about 5 Gig in just one week. I though it had something to do with problems or failure in the router or the mobile SIM card / net provider.
Using RUT tcpdebug and WireShark to analysis, I see high frequency of connections to the following addresses. Can anyone tell me if this is normal, caused by standard services (time synch or something...) or have I perhaps been hacked. I don't understand why I should connect to so many addresses in China, Russia and Japan. I am located in Iceland, and my remote IP address should be the only one connecting remotely. I don't understand all those connections. My password is strong, I did not have open to remote ssh until after I saw this. My remote http has alway been open. Any info or help would be appreciated. I was just thinking of block listing this, but before I am seeking more information. I only have remote access to the router.
ip.dst == 101.207.148.137
ip.dst == 101.200.125.235
ip.dst == 101.254.100.83
ip.dst == 102.164.61.126
ip.dst == 103.41.213.70
ip.dst == 103.96.75.55
ip.dst == 104.248.199.34
ip.dst == 109.173.66.193
ip.dst == 112.120.29.171
ip.dst == 115.210.128.73
ip.dst == 115.210.128.73
ip.dst == 118.42.18.46
ip.dst == 119.156.81.36
ip.dst == 119.156.81.36
ip.dst == 120.196.115.131
ip.dst == 120.25.242.86
ip.dst == 121.199.5.141
ip.dst == 124.64.223.46
ip.dst == 128.199.163.55
ip.dst == 129.213.154.0
ip.dst == 130.208.87.149 // veðurstofan
ip.dst == 130.208.87.152
ip.dst == 130.255.81.9
ip.dst == 141.147.162.9
ip.dst == 183.195.121.197
ip.dst == 185.156.73.120
ip.dst == 34.92.176.182
Thanks in advance,
Ragnar