echo: linux_bbs
to: Joseph Larsen
from: mark lewis
date: 2017-05-22 13:20:04
subject: Port 23.

On 2017 May 21 23:52:22, you wrote to All:

 JL> I want to run my board on port 23, but I keep getting unwanted connections
 JL> to it. Mostly from Chinese hackers, I presume.

nope... most likely they are MIRAI trying to figure out if your BBS is a
DVR, a (not so) smart TV, an IP Camera or a vulnerable router... my old
school frontdoor mailer shows their connection attempts to me all the
time... it is why i was one of the very first to raise alerts to them and
also be able to develop detection rules for the IDS software that i run...
some of the connections attempt logins and issue busybox commands while
others just sit until the mailer times out and drops them to the BBS where
they will sit until the BBS times out or they start their login attempt and
get booted...

in fact, i just caught another new variant using PEIN instead of MIRAI as
their watchword... so far my system is tracking at least 17 known
variants... each using a different watchword to detect the end of their
command execution attempts...

 JL> Anyone know a way to solve this, with iptables or the like?

there is some majik that can be cast that way but i prefer to run an
intrusion detection system with an automatic reaction tool... but i do this
on my perimeter firewall instead of on any of the BBS or server machines...

anyway, janis has some iptables recipe that she's using on her port 23 to
try to mitigate this... or she did... i have a brain cell kicking me and
saying that she did move from port 23 like so many other folks have done...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin'
it wrong...
... Yellowknife - Many are cold but few are frozen.
---
* Origin: (1:3634/12.73)

SOURCE: echomail via fidonet.ozzmosis.com
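
The watchword tracking described in the message above can be sketched as follows. This is an added example, not part of the original post and not the poster's IDS rules. It assumes a hypothetical tab-separated log of lines received on port 23, and that the watchword arrives as a non-existent busybox applet name (as in `/bin/busybox MIRAI`); the function names are made up for the example.

```python
import re
from collections import defaultdict

# A scanner's watchword shows up as busybox invoked with an all-caps token.
# Real applet names are lowercase, so "busybox ls" must not match.
WATCHWORD_RE = re.compile(
    r"(?:^|[\s;&|])(?:/bin/)?busybox\s+([A-Z][A-Z0-9]{2,15})(?=$|[\s;&|])"
)

# Constructed sample input: "<source ip><TAB><line received from the client>".
# Addresses are documentation ranges; the last source is an ordinary user.
SAMPLE_LOG = """\
192.0.2.10\tenable
192.0.2.10\tshell
192.0.2.10\t/bin/busybox MIRAI
198.51.100.7\tadmin
198.51.100.7\t/bin/busybox cat /proc/mounts; /bin/busybox PEIN
203.0.113.5\t
192.0.2.44\tjoseph
192.0.2.44\tbusybox ls
"""

def watchwords_by_source(log_text):
    """Map each source IP to the set of watchwords seen in its input."""
    seen = defaultdict(set)
    for raw in log_text.splitlines():
        src, _, payload = raw.partition("\t")
        if src:
            # Sources that sent nothing useful still get an (empty) entry.
            seen[src].update(WATCHWORD_RE.findall(payload))
    return dict(seen)

def variant_summary(log_text):
    """Map each watchword (one per variant) to the sources that used it."""
    variants = defaultdict(list)
    for src, words in watchwords_by_source(log_text).items():
        for word in words:
            variants[word].append(src)
    return {word: sorted(srcs) for word, srcs in sorted(variants.items())}

def sources_to_block(log_text):
    """Sources that sent at least one watchword: candidates for a block list."""
    by_src = watchwords_by_source(log_text)
    return sorted(src for src, words in by_src.items() if words)

if __name__ == "__main__":
    for word, srcs in variant_summary(SAMPLE_LOG).items():
        print(f"{word}: {', '.join(srcs)}")
```

Connections that only sit idle until the timeout produce no watchword, so they appear in `watchwords_by_source` with an empty set and need a separate idle-timeout rule.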