Is this a wifi theft hack?

[verndewd]

PORT STATE SERVICE VERSION
23/tcp open telnet Broadcom BCM963268 ADSL router telnetd
80/tcp open tcpwrapped
443/tcp open tcpwrapped
5431/tcp open upnp Belkin/Linksys wireless router UPnP (UPnP 1.0; BRCM400 1.0)
8085/tcp open tcpwrapped
Service Info: OS: Linux 2.4; Devices: broadband router, router; CPE: cpe:/h:broadcom:bcm963268, cpe:/o:linux:linux_kernel:2.4

former state, literally minutes before. Case 2 I dont have any Linksys, ANYthing.

Not shown: 65529 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
443/tcp open https
1990/tcp open stun-p1
5431/tcp open park-agent
8085/tcp open unknown

Your input is greatly appreciated, it looks to me like wireless signal theft. wireshark , router and zenmap files available as well.,, Maybe

 

[verndewd]

But wait there is more my router logs kept insisting there were intrusion attempts:::01/01/2019 02:42:34 AM Firewall Intrusion -> IN=ppp0.1 OUT= SRC=176.119.4.73 DST=65.129.63.97 PROTO=TCP SPT=44575 DPT=8344
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.254.79.165 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.93.34.139 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.91.222.210 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.6 DST=108.177.98.188 PROTO=TCP SPT=48746 DPT=5228
01/01/2019 02:42:28 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.4 DST=205.171.3.25 PROTO=ICMP
01/01/2019 02:42:28 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.4 DST=205.171.3.25 PROTO=ICMP
01/01/2019 02:42:22 AM Firewall Intrusion -> IN=ppp0.1 OUT=

Not only that but i detected an android device with a cyanogen rom os which i later found was a hackers friend

 

[Alabalcho]

First, don't panic. This leads to complete giberrish in what you want to say.
Second, disconnect router from Internet (DSL, cable, whatever), reboot it, change router' and WiFi passwords.
Third, try to explain what you're posting.

 

[verndewd]

First, don't panic. This leads to complete giberrish in what you want to say.
Second, disconnect router from Internet (DSL, cable, whatever), reboot it, change router' and WiFi passwords.
Third, try to explain what you're posting.

i found a certified security guy on another forum, let me see what he says.. and fyi its a century link router , i cant change diddly and neither can tech support

 

[Corwin65]

I always like to use my own router just so I can change things.

 

[verndewd]

I scanned the bloody hell out of everything. all I found was a linksys belkin port series on my technicolor router, i deduce that, its either a broadcom chip associated with those brands or this alleged hacker is invisible. I used zenmap extensively, But i did find an interesting randomized mac presence on my fingbox, since it does the same thing i really do doubt it would read itself but it could during an attack, But more than that I have no idea. I did get some fishy details from wire shark and through an android scanner i picked up hidden mac addresses and bridges.