On 2017 Jun 12 00:54:18, you wrote to All:
Ig> I've since recently put my board back on port 23... and I now recall
Ig> why I took it off of it. I keep getting all of these connections from
Ig> hackers, I take it.
they are not hackers... at best they are skiddies but in reality, it is the
MIRAI botnets trying to see if your system is a vulnerable IoT (Internet of
Things) device like an IP Camera or a DVR or smart TV and similar... anything
that has default login credentials hardcoded in it...
Ig> Anyone know of a way to filter these bad connections?
there is none, really... you have to let them connect and then dump them based
on the data they shove at you without waiting for any prompts... yes, that's
right... they do not look for and respond to any sort of login prompts... they
just start spewing their login stuff followed by the shell commands to fire off
busybox...
Ig> I've tried Janis' iptables suggestion, but it isn't working.
intrusion detection systems are the only things i've seen that come close but
the connection and attempted login still has to take place... the *ONLY* other
option is to get off of port 23 and the other few that MIRAI specifically
targets... that includes the default SSH port as well...
)\/(ark
Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... WANTED: Meaningful overnight relationship.
---
* Origin: (1:3634/12.73)
|
