Subj : How to handle the port 23 script kiddies
To   : Björn Felten
From : mark lewis
Date : Fri Mar 16 2018 11:43:38

On 2018 Mar 14 00:41:12, you wrote to All:

BF> I really do want to keep my port 23 open, so that my users can telnet
BF> to my BBS.

ok... you can do that...

BF> But as most of you probably know, there's a huge operation going on
BF> with hijacked computers trying to connect to other port 23 computers.

"*a* huge operation"?? think again... try "several" or "numerous"... there are quite a few different groups fighting each other... many over farkin games... some are just cheating... in all cases, they are building botnets so they can DDOS other systems and cheat in their games or try to take someone else's botnet bit by bit... or just be a festering boil because they have no proper home training or upbringing... take your pick...

BF> Well, if you like me have Argus setup to answer incoming port 23
BF> calls, you probably know that there's very little double escape
BF> character response. So how do you handle this?

block'em at the perimeter via IDS/IPS and be done with them... stop screwing around... if you don't have a perimeter firewall, you should get one... yeah, i mean replacing that POC in the ISP modem thing... preferably a firewall with an IDS/IPS so that you can write your own rules and block these MIRAI variants...

BF> Originally I was planning on sending a huge response (as in typing a
BF> big exe-file) but I abandoned that idea since it meant that my system
BF> was hanging after the remote system quickly disconnected.

that type of retaliation won't do a damned thing... they won't even see it... just block them and move on... or get off of 23 and 2323 and live a quiet life... i've been writing about this stuff since july or august of MIRAI when i first started writing IDS rules to detect the shite and block it... it is exactly what my signature block talks of, too...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
.... It's lonely at the top, but you eat better.
---
 * Origin: (1:3634/12.73)