Re: Port 2323/tcp

We have actively started to block 23/tcp to our customer's CPEs Huge amounts of connection attempts / scans over our prefixes. All IPv4, zero on IPv6 (not yet at least). On Wed, Nov 16, 2016 at 8:12 PM, Otto Monnig wrote: > We’ve been monitoring/logging/blocking ports

Re: Port 2323/tcp

We’ve been monitoring/logging/blocking ports 23 and 2323 at our site for the past several weeks, after remediating a 60-75 Mbps attack on a 100 Mbps fiber feed. On port 23, we have accumulated 377,319 different IP addresses hitting our systems. For port 2323, 42,913 different IP addresses.

Re: Port 2323/tcp

- From: "Mel Beckman" <m...@beckman.org> To: l...@satchell.net Cc: nanog@nanog.org Sent: Wednesday, November 16, 2016 11:25:34 AM Subject: Re: Port 2323/tcp It's pretty much part of the IBR now. And what can a provider do, really? It's not likely he will expend much

Re: Port 2323/tcp

It's pretty much part of the IBR now. And what can a provider do, really? It's not likely he will expend much effort blocking customers. Maybe we should all start filtering 2323? -mel via cell > On Nov 16, 2016, at 11:53 AM, Stephen Satchell wrote: > > I've been seeing a

Port 2323/tcp

I've been seeing a lot of rejections in my logs for 2323/tcp. According to the Storm Center, this is what the Mirai botnet scanner uses to look for other target devices. Is it worthwhile to report sightings to the appropriate abuse addresses? (That assumes there *is* an abuse address associated