Subj : Re: Port 23, Telnet, and Internet Background Radiation To : Blue White From : Arelor Date : Tue Feb 07 2023 07:09:25 Re: Re: Port 23, Telnet, and Internet Background Radiation By: Blue White to DustCouncil on Mon Feb 06 2023 04:03 pm > -=> DustCouncil wrote to All <=- > > Du> Unsurprisingly (but perhaps dramatically), port 23 is nearly constantly > Du> pounded by what appear to be botnets. > > This is because they are looking for IoT devices where people never change > the default usernames and passwords. Many of them have an open port 23 for > legit reasons, while others have 23 open because the default os install > does not disable it. > > Ironically, maybe, I have not had as much trouble with unwanted port 23 > traffic tying up the board as I have with unwanted port 22 (ssh) traffic. > They cannot log in, but they tie up multiple sessions trying, so I changed > that one from the default. > > ... Direct from the Ministry of Silly Walks > --- MultiMail/DOS > * Origin: possumso.fsxnet.nz * SSH:2122/telnet:24/ftelnet:80 (21:4/134) I would have thought IoT devices would be firewalled. Your (dumb)smart-fridge may have an open telnet port with admin/1234 credentials, but what use is a telnet scanner to find such a thing if it is behind a router? So many default routers use NAT+packet filtering by default that a regular scanner won't do anything on ipv4. Maybe some old routers with ipv6 capabilities come with ipv6 firewalling off by default, but if crackers are trying to find those holes, they would not be scanning ipv4. Dunno. It is getting hard as-it-is to run a legit service because your servers are not reachable behind CG-NAT. IoT devices need to call home most often than not because mothership cannot initiate connections to them. Even many IoT that are supposed to work like servers need to call home and use some form of NAT trasversal. -- gopher://gopher.richardfalken.com/1/richardfalken --- SBBSecho 3.20-Linux * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138) .