I'm a bit late on this thread, but it was, more than likely, the Mirai bot
(which was subsequently responsible for the internet-wide DDOS a few weeks
ago).. at least that was what kept hitting my VAX several times a second,
until I limited my tcp connection rate to 23/tcp.
Reading the code when it was released, it was pure happenstance that it
tried the "system" account (the code for Mirai made it out a day or so
after the attack....).
Apologies if this was already a part of this thread (I don't see the
entirety of the thread on this device..).
\fwiw
joe
On Tue, Oct 25, 2016 at 10:48 AM, Sampsa Laine <sampsa at mac.com> wrote:
Guys,
I basically had HILANT:: totally lose the plot because of these telnet
botnets that are hitting port 23/tcp all over the place.
Have any of you guys been affected? I have a feeling as I've got a Finnish
IP address I might be one of the Lucky Winners of Putin's latest ragefest.
FYI, these scripts are smarter than the usual root/Administrator scripts -
I logged in and there had been over 49,000 attempts to log in to the SYSTEM
account?
Anyway, I've changed the NAT forwarding to another port (if you happen to
use HILANT:: via Telnet it's now at telnet://hilant.sampsa.com:2389).
Also, is renaming the SYSTEM account likely to break stuff? They seem to
be targeting that specific username so I figured I'd change it to STALIN or
something?
Sampsa