Well, a "Time exceeded Code 0", means that the Time to Live (TTL) expired. The part about the IP being your cellular provider, well, that would have to be for you to decide if that is strange traffic or not. Are these transactions occuring at exactly the same time each day or is it around the same time?? And you have said that it is all about the time that your clients are trying to log in? Do you get logs of what ports that transaction is trying to access before it dies? Are they all trying to log in the same way or different ways, and if same way, are several trying to connect at once? From the look of that error, for some reason it's just timing out, it could be from their end depending on how they are connecting.