Port 2323/tcp

• Previous message (by thread): Port 2323/tcp
• Next message (by thread): Port 2323/tcp
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Probably best to go with A) what we could do in the best of situations and B) what the rest will do. 

Some of us are last mile networks and *DO* care. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Mel Beckman" <mel at beckman.org> 
To: list at satchell.net 
Cc: nanog at nanog.org 
Sent: Wednesday, November 16, 2016 11:25:34 AM 
Subject: Re: Port 2323/tcp 

It's pretty much part of the IBR now. And what can a provider do, really? It's not likely he will expend much effort blocking customers. Maybe we should all start filtering 2323? 

-mel via cell 

> On Nov 16, 2016, at 11:53 AM, Stephen Satchell <list at satchell.net> wrote: 
> 
> I've been seeing a lot of rejections in my logs for 2323/tcp. According 
> to the Storm Center, this is what the Mirai botnet scanner uses to look 
> for other target devices. 
> 
> Is it worthwhile to report sightings to the appropriate abuse addresses? 
> (That assumes there *is* an abuse address associated with the IPv4 
> address that is the source.) Would administrations receiving these 
> notices do anything with them? 
> 
> Alternatively, is there anyone collecting this information from people 
> like me to expose the IP addresses of possible infections? 
> 
> I am toying with the idea of setting up a honey-pot, but I'm so far 
> behind with $DAYJOB that such a project will have to wait a bit. 
> 
> I want to be a good net citizen. I also want to make sure I'm not 
> wasting my time. 
> 
> Today's crop: 
> 
>> 1.34.169.183 
>> 12.221.236.2 
>> 14.138.22.12 
>> 14.169.142.30 
>> 14.174.71.158 
>> 14.177.197.101 
>> 31.168.146.33 
>> 31.168.212.174 
>> 36.71.224.179 
>> 36.72.253.206 
>> 37.106.18.86 
>> 42.115.187.189 
>> 42.117.254.248 
>> 42.119.228.222 
>> 43.225.195.180 
>> 46.59.6.249 
>> 49.114.192.91 
>> 58.11.238.146 
>> 58.186.231.59 
>> 59.8.136.21 
>> 59.49.191.4 
>> 59.57.68.56 
>> 59.126.35.47 
>> 59.126.242.70 
>> 59.127.104.67 
>> 59.127.242.8 
>> 60.251.125.125 
>> 61.219.165.38 
>> 73.84.152.194 
>> 78.179.113.148 
>> 78.186.61.30 
>> 78.189.169.142 
>> 78.226.222.234 
>> 79.119.74.255 
>> 81.16.8.193 
>> 81.101.233.14 
>> 81.214.121.43 
>> 81.214.134.133 
>> 81.214.137.197 
>> 82.77.68.189 
>> 83.233.40.141 
>> 85.96.202.199 
>> 85.99.121.41 
>> 85.238.103.111 
>> 86.121.225.48 
>> 87.251.252.22 
>> 88.249.224.167 
>> 89.122.87.239 
>> 89.151.128.198 
>> 90.177.91.201 
>> 92.53.52.235 
>> 92.55.231.90 
>> 94.31.239.178 
>> 94.254.41.152 
>> 94.255.162.90 
>> 95.78.245.54 
>> 95.106.34.92 
>> 95.161.236.182 
>> 96.57.103.19 
>> 101.0.43.13 
>> 108.203.68.245 
>> 110.55.108.215 
>> 110.136.233.10 
>> 112.133.69.176 
>> 112.165.93.130 
>> 112.186.42.216 
>> 113.5.224.110 
>> 113.161.64.11 
>> 113.169.18.153 
>> 113.171.98.158 
>> 113.172.4.204 
>> 113.183.204.112 
>> 113.188.44.246 
>> 114.32.28.219 
>> 114.32.87.32 
>> 114.32.189.5 
>> 114.34.29.167 
>> 114.34.170.10 
>> 114.35.153.123 
>> 114.226.53.133 
>> 115.76.127.118 
>> 116.73.65.248 
>> 116.100.170.92 
>> 117.0.7.77 
>> 117.1.26.234 
>> 117.195.254.3 
>> 118.32.44.99 
>> 118.42.15.21 
>> 118.43.112.120 
>> 118.100.64.159 
>> 118.163.191.208 
>> 119.199.160.207 
>> 119.202.78.47 
>> 120.71.215.81 
>> 121.129.203.22 
>> 121.178.104.129 
>> 121.180.53.143 
>> 122.117.245.28 
>> 123.9.72.86 
>> 123.16.78.77 
>> 123.23.49.149 
>> 123.24.108.10 
>> 123.24.250.187 
>> 123.25.74.209 
>> 123.27.159.13 
>> 123.240.245.72 
>> 124.66.99.251 
>> 124.131.28.38 
>> 125.166.193.206 
>> 125.227.138.132 
>> 138.204.203.66 
>> 171.97.245.221 
>> 171.224.7.147 
>> 171.226.20.220 
>> 171.232.118.93 
>> 171.248.210.120 
>> 171.249.223.213 
>> 171.250.26.209 
>> 173.56.21.67 
>> 175.138.81.130 
>> 175.203.202.232 
>> 175.207.137.139 
>> 175.211.251.156 
>> 177.207.49.108 
>> 177.207.67.170 
>> 177.223.52.193 
>> 178.222.246.96 
>> 179.4.140.63 
>> 179.235.55.39 
>> 179.253.163.107 
>> 180.73.117.62 
>> 180.254.224.10 
>> 182.37.156.98 
>> 182.180.80.75 
>> 182.180.123.43 
>> 183.46.49.216 
>> 183.144.245.235 
>> 186.19.48.158 
>> 186.69.170.130 
>> 186.219.1.156 
>> 187.104.248.17 
>> 187.211.63.51 
>> 188.209.153.15 
>> 189.101.220.244 
>> 189.234.9.147 
>> 191.103.35.250 
>> 191.180.198.31 
>> 191.249.21.41 
>> 196.207.83.23 
>> 197.224.37.108 
>> 201.243.225.103 
>> 210.178.250.121 
>> 211.7.146.51 
>> 211.216.202.191 
>> 213.5.216.213 
>> 213.14.195.100 
>> 213.170.76.149 
>> 217.129.243.48 
>> 218.161.121.178 
>> 218.186.43.224 
>> 220.85.169.133 
>> 220.132.111.124 
>> 220.133.24.142 
>> 220.133.198.71 
>> 220.133.234.229 
>> 220.134.132.200 
>> 220.134.193.133 
>> 220.135.64.43 
>> 221.145.147.78 
>> 221.159.105.17 
>> 221.167.64.53 
>> 222.254.238.188 
>> 223.154.223.159 
> 

• Previous message (by thread): Port 2323/tcp
• Next message (by thread): Port 2323/tcp
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]