Also, router owners are in high risk, now. 

Network Traffic can be manipulated by someone who setups the router, or can be manipulated by the ISP and other device owners. 

satoshiiiiiii

security

Botnet 7777 Running on TPLink Routers

_b_o_n_e_s_

Normal, actually right now the botnet and other ports have zero meaning. 

Modern hackers use public/private ssh ports instead of other ports/services.

'Cause if they reach the router's ssh they will be controlling Remote/Local Networks of all the devices using the router as a gateway. 

And right now every TP-Link router comes with ssh service. 

If someone check 0-65553 range ports, ssh service is always active inside of every TP-Link router. 

And someone can use QEMU for example to setup an operating system inside of any device.

Nowadays it's the most active Threat Actor in Security News. 