Subj : Port 23, Telnet, and Internet Background Radiation
To   : DustCouncil
From : deon
Date : Mon Feb 06 2023 21:58:29

  Re: Port 23, Telnet, and Internet Background Radiation
  By: DustCouncil to All on Sun Feb 05 2023 08:51 pm

Howdy,

 > Anyway, I took the top bunch and set up listeners on these ports for about 6
 > days using netcat (traditional) on a system which shouldn't have any inbound
 > connections. Netcat hands inbound connections to a script which prints fake
 > Login: and Password: prompts, and then, regardless of what is entered here,
 > displays a fake # or $ shell prompt, depending on whether they're using root
 > as the login or not.

So I have port 23 open, and while I see a lot of probing, for the best part I ignore it. I also wrote a tool that parsed the known active IP subnets by country (IPv4 and IPv6 - there is a github project that has this), so that I can create an optimised firewall rule that banned specific countries. (By optimised I mean joining subnets together so two adjacent /24's could be combined to a /23, etc).

So even though I have some countries banned, I still see some probing from "good" countries - maybe tools or people trying (or compromised machines).

Is your script available? I often thought of spinning up a honey pot - my goal is to waste their time if it was actually people behind the attempt.


....лоеп
--- SBBSecho 3.15-Linux
 * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

.