Having read about yesterday's denial of service attacks using bot-nets made up of Internet of Things devices, I decided to check my modem router's logs and I see a bunch of these alerts: Googling the alert led to information (http://mybroadband.co.za/vb/showthread.php/607966-D-Link-Modem-Log-kernel-intrusion) that these logs indicate that hackers are trying to scan for open ports (the DPT entry) on my router. They say that this indicates that the router is doing its job and is harmless. They also advised to be weary if the router keeps dropping the internet connection. This might be an indication that your router has been hacked. Always make sure that your internet-connected devices are not using the default login credentials.
People really need to be aware of the risk in not changing default login credentials, especially on routers. But that's just one step on the right direction. More information can be found here: http://routersecurity.org . Regarding IoT BotNets though, it's not just the issue of default login credentials. There are devices with Telnet and SSH passwords hardcoded into the firmware and the only remedy is to unplug them. I wonder how many devices in the country are part of the attack. https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
When installing a router, don't plug it online yet. Change the username and password first. There are bots that scan IPs and once it finds the right credentials, it starts to work on that. There are reports in a forum I visited, that this is the case.
Here's an article by Michael Horowitz that tries to help test for vulnerable devices: http://www.computerworld.com/article/3134092/networking/testing-for-vulnerable-iot-devices.html This is in reaction to Brian Krebs article that I quoted above. Michael Horowitz is the same guy who created the website: http://routersecurity.org Hope this helps.
