From time to time, my router starts to scan ports on all the connected devices. I have an internal RPi server which I restricted its access to the internet from the router. I checked the "/var/log/auth.log" on the RPi and many ssh attempts were made (192.168.1.254 is my router's IP):
Sep 8 08:58:54 homebridge sshd[3812]: Failed password for root from 192.168.1.254 port 49917 ssh2
Sep 8 08:58:54 homebridge sshd[3815]: Failed password for root from 192.168.1.254 port 49923 ssh2
Sep 8 08:58:54 homebridge sshd[3811]: Failed password for root from 192.168.1.254 port 49916 ssh2
Sep 8 08:58:55 homebridge sshd[3813]: Bad packet length 831689700. [preauth]
Sep 8 08:58:55 homebridge sshd[3813]: ssh_dispatch_run_fatal: Connection from authenticating user root 192.168.1.254 port 49919: message authentication code incorrect [preauth]
Sep 8 08:58:55 homebridge sshd[3814]: Bad packet length 4102269566. [preauth]
Sep 8 08:58:55 homebridge sshd[3814]: ssh_dispatch_run_fatal: Connection from authenticating user root 192.168.1.254 port 49920: message authentication code incorrect [preauth]
Sep 8 08:58:55 homebridge sshd[3815]: Bad packet length 724579712. [preauth]
Sep 8 08:58:55 homebridge sshd[3815]: ssh_dispatch_run_fatal: Connection from authenticating user root 192.168.1.254 port 49923: message authentication code incorrect [preauth]
Sep 8 08:58:55 homebridge sshd[3809]: Bad packet length 4156118696. [preauth]
Sep 8 08:58:55 homebridge sshd[3809]: ssh_dispatch_run_fatal: Connection from authenticating user root 192.168.1.254 port 49914: message authentication code incorrect [preauth]
Sep 8 08:58:55 homebridge sshd[3811]: Bad packet length 1343634757. [preauth]
Sep 8 08:58:55 homebridge sshd[3811]: ssh_dispatch_run_fatal: Connection from authenticating user root 192.168.1.254 port 49916: message authentication code incorrect [preauth]
Sep 8 08:58:55 homebridge sshd[3812]: Bad packet length 112696055. [preauth]
Sep 8 08:58:55 homebridge sshd[3812]: ssh_dispatch_run_fatal: Connection from authenticating user root 192.168.1.254 port 49917: message authentication code incorrect [preauth]
Sep 8 08:58:55 homebridge sshd[3810]: Bad packet length 1804220845. [preauth]
Sep 8 08:58:55 homebridge sshd[3810]: ssh_dispatch_run_fatal: Connection from authenticating
.
.
.
Sep 8 08:58:59 homebridge sshd[3863]: pam_unix(sshd:auth): check pass; user unknown
Sep 8 08:58:59 homebridge sshd[3863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254
Sep 8 08:58:59 homebridge sshd[3848]: Failed password for invalid user user from 192.168.1.254 port 49945 ssh2
Sep 8 08:59:00 homebridge sshd[3854]: Bad packet length 425104342. [preauth]
Sep 8 08:59:00 homebridge sshd[3854]: ssh_dispatch_run_fatal: Connection from invalid user support 192.168.1.254 port 49951: message authentication code incorrect [preauth]
Sep 8 08:59:00 homebridge sshd[3855]: Bad packet length 1129344487. [preauth]
Sep 8 08:59:00 homebridge sshd[3855]: ssh_dispatch_run_fatal: Connection from invalid user support 192.168.1.254 port 49952: message authentication code incorrect [preauth]
Sep 8 08:59:00 homebridge sshd[3865]: Invalid user oracle from 192.168.1.254 port 49958
Sep 8 08:59:00 homebridge sshd[3865]: pam_unix(sshd:auth): check pass; user unknown
Sep 8 08:59:00 homebridge sshd[3865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254
Sep 8 08:59:00 homebridge sshd[3853]: Bad packet length 4277706447. [preauth]
Sep 8 08:59:00 homebridge sshd[3853]: ssh_dispatch_run_fatal: Connection from invalid user 888888 192.168.1.254 port 49949: message authentication code incorrect [preauth]
Sep 8 08:59:00 homebridge sshd[3840]: Bad packet length 3501965975. [preauth]
Sep 8 08:59:00 homebridge sshd[3840]: ssh_dispatch_run_fatal: Connection from invalid user Administrator 192.168.1.254 port 49941: message authentication code incorrect [preauth]
Sep 8 08:59:00 homebridge sshd[3868]: Invalid user default from 192.168.1.254 port 49960
Sep 8 08:59:00 homebridge sshd[3867]: Invalid user security from 192.168.1.254 port 49959
Sep 8 08:59:00 homebridge sshd[3851]: Bad packet length 307794145. [preauth]
Sep 8 08:59:00 homebridge sshd[3851]: ssh_dispatch_run_fatal: Connection from invalid user 666666 192.168.1.254 port 49947: message authentication code incorrect [preauth]
.
.
.
Sep 8 08:59:00 homebridge sshd[3851]: ssh_dispatch_run_fatal: Connection from invalid user 666666 192.168.1.254 port 49947: message authentication code incorrect [preauth]
Sep 8 08:59:00 homebridge sshd[3868]: pam_unix(sshd:auth): check pass; user unknown
Sep 8 08:59:00 homebridge sshd[3868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254
Sep 8 08:59:00 homebridge sshd[3867]: pam_unix(sshd:auth): check pass; user unknown
Sep 8 08:59:00 homebridge sshd[3867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254
Sep 8 08:59:00 homebridge sshd[3848]: Bad packet length 3380216880. [preauth]
Sep 8 08:59:00 homebridge sshd[3848]: ssh_dispatch_run_fatal: Connection from invalid user user 192.168.1.254 port 49945: message authentication code incorrect [preauth]
Sep 8 08:59:01 homebridge sshd[3876]: Invalid user info from 192.168.1.254 port 49965
Sep 8 08:59:01 homebridge sshd[3872]: Invalid user ftp from 192.168.1.254 port 49963
Sep 8 08:59:01 homebridge sshd[3873]: Invalid user info from 192.168.1.254 port 49964
Sep 8 08:59:01 homebridge sshd[3876]: pam_unix(sshd:auth): check pass; user unknown
Sep 8 08:59:01 homebridge sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254
Sep 8 08:59:01 homebridge sshd[3872]: pam_unix(sshd:auth): check pass; user unknown
Sep 8 08:59:01 homebridge sshd[3872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254
Sep 8 08:59:01 homebridge sshd[3873]: pam_unix(sshd:auth): check pass; user unknown
Sep 8 08:59:01 homebridge sshd[3873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254
Sep 8 08:59:01 homebridge sshd[3878]: Invalid user public from 192.168.1.254 port 49966
These are just a small portion of the attempts. I talked to the internet provider and they said everything is fine. They didn't sound very convincing. Is this a protocol that a router has (it doesn't have a schedule, the router scans ports without any routine) or is my router or any of the other devices infected. The router is a "Arris BGW210".