We have actively started to block 23/tcp to our customer's CPEs
Huge amounts of connection attempts / scans over our prefixes. All IPv4,
zero on IPv6 (not yet at least).
On Wed, Nov 16, 2016 at 8:12 PM, Otto Monnig wrote:
> We’ve been monitoring/logging/blocking ports
We’ve been monitoring/logging/blocking ports 23 and 2323 at our site for the
past several weeks, after remediating a 60-75 Mbps attack on a 100 Mbps fiber
feed.
On port 23, we have accumulated 377,319 different IP addresses hitting our
systems. For port 2323, 42,913 different IP addresses.
-
From: "Mel Beckman" <m...@beckman.org>
To: l...@satchell.net
Cc: nanog@nanog.org
Sent: Wednesday, November 16, 2016 11:25:34 AM
Subject: Re: Port 2323/tcp
It's pretty much part of the IBR now. And what can a provider do, really? It's
not likely he will expend much
It's pretty much part of the IBR now. And what can a provider do, really? It's
not likely he will expend much effort blocking customers. Maybe we should all
start filtering 2323?
-mel via cell
> On Nov 16, 2016, at 11:53 AM, Stephen Satchell wrote:
>
> I've been seeing a
I've been seeing a lot of rejections in my logs for 2323/tcp. According
to the Storm Center, this is what the Mirai botnet scanner uses to look
for other target devices.
Is it worthwhile to report sightings to the appropriate abuse addresses?
(That assumes there *is* an abuse address associated
5 matches
Mail list logo