Subj : Unwanted connections to port 23.
To   : j b l
From : mark lewis
Date : Mon Jun 12 2017 11:30 am

On 2017 Jun 12 06:24:08, you wrote to me:

ML>> intrusion detection systems are the only things i've seen that come
ML>> close but the connection and attempted login still has to take
ML>> place... the *ONLY* other option is to get off of port 23 and the
ML>> other few that MIRAI specifically targets... that includes the
ML>> default SSH port as well...

jl> I've just come across a utility, called "PSAD", it is a port scanning
jl> utility.. if the "danger level" meets a certain threshold, it will
jl> automatically block the offending IP address. Pretty cool. I'm still
jl> testing it out at the moment, but this may be what i've been looking
jl> for.

i can't say that i've ever heard of it but these bots are not port scanning...
they're connecting and spewing their login stream... if there's nothing there
to connect to, they cannot spew and they move on to the next IP address they've
been directed to look at...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... 56. Admit it when you're wrong.
---
* Origin:  (1:3634/12.73)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.