On 2017 Jan 29 10:44:16, you wrote to All:

 CS> Most of the ones that are in IP.can try to log in as Root and such.
 CS> It proved to be easier later to domain ban but some of those are in
 CS> domains I can't ban like Canada.

this sounds like MIRAI and its various clones... they are trying to infext IOT
stuffs... DVRs, TV, routers, IPCAMs, and similar... they specifically target
port 23 and 2323 plus at least two others but those two are the main telnet
ones they target... to get away from them the easiest way is to simply get off
port 23 and 2323 for telnet connections... i've written about this numerous
times in the synchronet areas on fidonet as well as a few additional areas...

FWIW: i block them on my perimeter firewall using an automated attack response
tool that works with my intrusion detection system (aka IDS)...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... All I want for Christmas is... a 233Mhz with a 4.3Gb HD , 32MB, 4 Mb Video,
24
---