On 2018 Mar 14 00:41:12, you wrote to All:
I really do want to keep my port 23 open, so that my users can telnet
to my BBS.
ok... you can do that...
But as most of you probably know, there's a huge operation going on
with hijacked computers trying to connect to other port 23 computers.
"*a* huge operation"?? think again... try "several" or "numerous"... there are quite a few different groups fighting each other... many over farkin games... some are just cheating... in all cases, they are building botnets so they can DDOS other systems and cheat in their games or try to take someone else's botnet bit by bit... or just be a festering boil because they have no proper home training or upbringing... take your pick...
Well, if you like me have Argus setup to answer incoming port 23
calls, you probably know that there's very little double escape
character response. So how do you handle this?
block'em at the perimeter via IDS/IPS and be done with them... stop screwing around... if you don't have a perimeter firewall, you should get one... yeah, i
mean replacing that POC in the ISP modem thing... preferably a firewall with an
IDS/IPS so that you can write your own rules and block these MIRAI variants...
Originally I was planning on sending a huge response (as in typing a
big exe-file) but I abandoned that idea since it meant that my system
was hanging after the remote system quickly disconnected.
that type of retaliation won't do a damned thing... they won't even see it... just block them and move on... or get off of 23 and 2323 and live a quiet life... i've been writing about this stuff since july or august of MIRAI when i
first started writing IDS rules to detect the shite and block it... it is exactly what my signature block talks of, too...
)\/(ark
Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... It's lonely at the top, but you eat better.
---
* Origin: (1:3634/12.73)
