Port 2323/tcp

Wed Nov 16 16:52:19 UTC 2016

I've been seeing a lot of rejections in my logs for 2323/tcp.  According
to the Storm Center, this is what the Mirai botnet scanner uses to look
for other target devices.

Is it worthwhile to report sightings to the appropriate abuse addresses?
 (That assumes there *is* an abuse address associated with the IPv4
address that is the source.)  Would administrations receiving these
notices do anything with them?

Alternatively, is there anyone collecting this information from people
like me to expose the IP addresses of possible infections?

I am toying with the idea of setting up a honey-pot, but I'm so far
behind with $DAYJOB that such a project will have to wait a bit.

I want to be a good net citizen.  I also want to make sure I'm not
wasting my time.

Today's crop:

> 1.34.169.183
> 12.221.236.2
> 14.138.22.12
> 14.169.142.30
> 14.174.71.158
> 14.177.197.101
> 31.168.146.33
> 31.168.212.174
> 36.71.224.179
> 36.72.253.206
> 37.106.18.86
> 42.115.187.189
> 42.117.254.248
> 42.119.228.222
> 43.225.195.180
> 46.59.6.249
> 49.114.192.91
> 58.11.238.146
> 58.186.231.59
> 59.8.136.21
> 59.49.191.4
> 59.57.68.56
> 59.126.35.47
> 59.126.242.70
> 59.127.104.67
> 59.127.242.8
> 60.251.125.125
> 61.219.165.38
> 73.84.152.194
> 78.179.113.148
> 78.186.61.30
> 78.189.169.142
> 78.226.222.234
> 79.119.74.255
> 81.16.8.193
> 81.101.233.14
> 81.214.121.43
> 81.214.134.133
> 81.214.137.197
> 82.77.68.189
> 83.233.40.141
> 85.96.202.199
> 85.99.121.41
> 85.238.103.111
> 86.121.225.48
> 87.251.252.22
> 88.249.224.167
> 89.122.87.239
> 89.151.128.198
> 90.177.91.201
> 92.53.52.235
> 92.55.231.90
> 94.31.239.178
> 94.254.41.152
> 94.255.162.90
> 95.78.245.54
> 95.106.34.92
> 95.161.236.182
> 96.57.103.19
> 101.0.43.13
> 108.203.68.245
> 110.55.108.215
> 110.136.233.10
> 112.133.69.176
> 112.165.93.130
> 112.186.42.216
> 113.5.224.110
> 113.161.64.11
> 113.169.18.153
> 113.171.98.158
> 113.172.4.204
> 113.183.204.112
> 113.188.44.246
> 114.32.28.219
> 114.32.87.32
> 114.32.189.5
> 114.34.29.167
> 114.34.170.10
> 114.35.153.123
> 114.226.53.133
> 115.76.127.118
> 116.73.65.248
> 116.100.170.92
> 117.0.7.77
> 117.1.26.234
> 117.195.254.3
> 118.32.44.99
> 118.42.15.21
> 118.43.112.120
> 118.100.64.159
> 118.163.191.208
> 119.199.160.207
> 119.202.78.47
> 120.71.215.81
> 121.129.203.22
> 121.178.104.129
> 121.180.53.143
> 122.117.245.28
> 123.9.72.86
> 123.16.78.77
> 123.23.49.149
> 123.24.108.10
> 123.24.250.187
> 123.25.74.209
> 123.27.159.13
> 123.240.245.72
> 124.66.99.251
> 124.131.28.38
> 125.166.193.206
> 125.227.138.132
> 138.204.203.66
> 171.97.245.221
> 171.224.7.147
> 171.226.20.220
> 171.232.118.93
> 171.248.210.120
> 171.249.223.213
> 171.250.26.209
> 173.56.21.67
> 175.138.81.130
> 175.203.202.232
> 175.207.137.139
> 175.211.251.156
> 177.207.49.108
> 177.207.67.170
> 177.223.52.193
> 178.222.246.96
> 179.4.140.63
> 179.235.55.39
> 179.253.163.107
> 180.73.117.62
> 180.254.224.10
> 182.37.156.98
> 182.180.80.75
> 182.180.123.43
> 183.46.49.216
> 183.144.245.235
> 186.19.48.158
> 186.69.170.130
> 186.219.1.156
> 187.104.248.17
> 187.211.63.51
> 188.209.153.15
> 189.101.220.244
> 189.234.9.147
> 191.103.35.250
> 191.180.198.31
> 191.249.21.41
> 196.207.83.23
> 197.224.37.108
> 201.243.225.103
> 210.178.250.121
> 211.7.146.51
> 211.216.202.191
> 213.5.216.213
> 213.14.195.100
> 213.170.76.149
> 217.129.243.48
> 218.161.121.178
> 218.186.43.224
> 220.85.169.133
> 220.132.111.124
> 220.133.24.142
> 220.133.198.71
> 220.133.234.229
> 220.134.132.200
> 220.134.193.133
> 220.135.64.43
> 221.145.147.78
> 221.159.105.17
> 221.167.64.53
> 222.254.238.188
> 223.154.223.159