On 2017 Jun 12 00:54:18, you wrote to All:

 Ig> I've since recently put my board back on port 23... and I now recall
 Ig> why I took it off of it. I keep getting all of these connections from
 Ig> hackers, I take it.

they are not hackers... at best they are skiddies but in reality, it is the
MIRAI botnets trying to see if your system is a vulnerable IoT (Internet of
Things) device like an IP Camera or a DVR or smart TV and similar...
anything that has default login credentials hardcoded in it...

 Ig> Anyone know of a way to filter these bad connections?

there is none, really... you have to let them connect and then dump them
based on the data they shove at you without waiting for any prompts... yes,
that's right... they do not look for and respond to any sort of login
prompts... they just start spewing their login stuff followed by the shell
commands to fire off busybox...

 Ig> I've tried Janis' iptables suggestion, but it isn't working.

intrusion detection systems are the only things i've seen that come close
but the connection and attempted login still has to take place... the
*ONLY* other option is to get off of port 23 and the other few that MIRAI
specifically targets... that includes the default SSH port as well...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin'
it wrong...
... WANTED: Meaningful overnight relationship.
---