[HECnet] Botnet hits on 23/tcp
Mark Wickens
mark at wickensonline.co.uk
Tue Oct 25 07:53:55 PDT 2016
Hi Sampsa
I need to check this, *but*, all my ports are non-default, which are
likely to attract significantly less attention.
I'd try a non-default port first and see how you get on.
Mark.
On 10/25/2016 3:48 PM, Sampsa Laine wrote:
> Guys,
>
> I basically had HILANT:: totally lose the plot because of these telnet botnets that are hitting port 23/tcp all over the place.
>
> Have any of you guys been affected? I have a feeling as I’ve got a Finnish IP address I might be one of the Lucky Winners of Putin’s latest ragefest.
>
> FYI, these scripts are smarter than the usual root/Administrator scripts - I logged in and there had been over 49,000 attempts to log in to the SYSTEM account…
>
> Anyway, I’ve changed the NAT forwarding to another port (if you happen to use HILANT:: via Telnet it’s now at telnet://hilant.sampsa.com:2389.
>
> Also, is renaming the SYSTEM account likely to break stuff? They seem to be targeting that specific username so I figured I’d change it to STALIN or something…
>
> Sampsa
>
>
More information about the Hecnet-list
mailing list