A number of sources, including DShield, have noticed an uptick on port 2323 TCP beginning around 3 weeks ago. This is the scanner portion of the Mirai botnet scanning for IoT devices on both 23/TCP and 2323/TCP. There are a number of IoT devices that use port 2323/TCP as an alternate port for Telnet. Those who have set up listeners on port 2323 are seeing brute force credential attacks utilizing a small dictionary. The Mirai botnet was used to attempt to DDoS Brian Krebs' website and for the nearly 1 Tbps DDoS against OVH in late September.
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) |
Rick 317 Posts ISC Handler Oct 7th 2016 |
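To check your own firewall logs for the 23/TCP and 2323/TCP scanning described above, the following added example (not part of the original diary) tallies sources probing those ports. It assumes Linux netfilter LOG-style lines; the sample log, the function names and the `min_targets` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

TELNET_PORTS = {23, 2323}  # the two ports the diary names for the scanner

# Constructed sample lines (documentation IP ranges), netfilter LOG style.
SAMPLE_LOG = """\
Oct  7 10:01:02 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=23 SYN
Oct  7 10:01:03 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=2323 SYN
Oct  7 10:02:10 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=2323 SYN
Oct  7 10:02:11 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=51001 DPT=2323 SYN
Oct  7 10:03:00 fw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=443 SYN
Oct  7 10:04:00 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.12 PROTO=TCP SPT=44000 DPT=23 SYN
Oct  7 10:05:00 fw kernel: DROP IN=eth0 SRC=203.0.113.80 DST=192.0.2.12 PROTO=UDP SPT=44001 DPT=2323
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def telnet_probes(log_text):
    """Return {src: {"ports", "targets", "hits"}} for TCP traffic to 23/2323."""
    seen = defaultdict(lambda: {"ports": set(), "targets": set(), "hits": 0})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # Skip non-TCP lines and lines without a numeric destination port.
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        port = int(f["DPT"])
        if port in TELNET_PORTS and "SRC" in f and "DST" in f:
            rec = seen[f["SRC"]]
            rec["ports"].add(port)
            rec["targets"].add(f["DST"])
            rec["hits"] += 1
    return dict(seen)

def likely_scanners(log_text, min_targets=2):
    """Assumed heuristic: source tried both ports, or swept min_targets hosts."""
    return sorted(
        src for src, rec in telnet_probes(log_text).items()
        if rec["ports"] == TELNET_PORTS or len(rec["targets"]) >= min_targets
    )

if __name__ == "__main__":
    probes = telnet_probes(SAMPLE_LOG)
    for src in likely_scanners(SAMPLE_LOG):
        print(src, sorted(probes[src]["ports"]), probes[src]["hits"])
```

A single hit on 23/TCP alone is left unflagged here to keep noise down; lower `min_targets` to 1 to list every source that touched either port.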
Oct 7th 2016 4 years ago |
I was just wondering about this very thing a couple of hours ago when I was looking through my firewall logs.
xannash 1 Posts |
Oct 7th 2016 4 years ago |
Yes, I have been seeing a lot of this in some various logs as well. Thanks for your post.
xannash 1 Posts |
Oct 14th 2016 4 years ago |