Subj : Has anyone received one of these?
To   : All
From : Bradley D. Thornton
Date : Thu Sep 05 2019 03:05 am

It was kind of a shocker. I've had customers who were bad actors before and had to whack their services and accounts, but I've never gotten something that pretty much insists that I close an open port on one of my machines.

Anyway, I thought I would toss this out to the list and see what your thoughts and suggestions are, as I have no intentions right now of closing down the telnet port. Maybe later, when I configure the ssh port for access, if that's going to provide an optimum experience for visitors, but I'm reluctant to choose a port other than 23 at this time (but maybe I'll have to).

Anyway, comments, suggestions?

Dear Mr Bradley D. Thornton,

We have received a security alert from the German Federal Office for Information Security (BSI). Please see the original report included below for details.

Please investigate and solve the reported issue. It is not required that you reply to either us or the BSI. If the issue has been fixed successfully, you should not receive any further notifications.

Additional information is provided with the HOWTOs referenced in the report. In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to as this is just the sender address for the reports and messages sent to this address will not be read.

Kind regards

Abuse Team

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 5050
Fax: +49 9831 5053
www.hetzner.com

Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner, Stephan Konvickova, Günther Müller

For the purposes of this communication, we may save some of your personal data. For information on our data privacy policy, please see: www.hetzner.com/datenschutzhinweis

On 04 Sep 08:50, reports@reports.cert-bund.de wrote:
> Dear Sir or Madam,
>
> Telnet is an outdated network protocol for text-oriented command-line
> access to remote hosts. With Telnet, all communication including
> username and password is transmitted unencrypted in clear text and
> is therefore susceptible to eavesdropping.
>
> Many IoT devices (routers, network cameras, etc.) are running
> Telnet servers by default. If the devices are openly accessible
> from the Internet and standard login credentials have not been
> changed, an attacker can easily gain full control of the devices.
> Malware like Mirai automatically exploits insecure Telnet servers
> openly accessible from the Internet using to compromise devices
> and connect them to a botnet.
>
> CERT-Bund recommends using (Open)SSH with key-based authentication
> for secure access to remote hosts.
>
> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | Port | Banner
> 24940 | 95.216.171.182 | 2019-09-03 10:05:13 | 23 | (U[8;25;80t[1;25r[1;1H[2J[1;1H[?1000h|Mystic BBS v1.12 A43 for Linux Node 2|Copyright (C) 1997-2019 By James Coyle||Detecting terminal emulation: [6n
>
> We would like to ask you to check this issue and take appropriate
> steps to secure affected systems or notify your customers accordingly.

Looking forward to hearing what everyone has to say :)

Kindest regards,

Bradley