On 2018 Mar 14 00:41:12, you wrote to All:   
      
    BF> I really do want to keep my port 23 open, so that my users can telnet   
    BF> to my BBS.   
      
   ok... you can do that...   
      
    BF> But as most of you probably know, there's a huge operation going on   
    BF> with hijacked computers trying to connect to other port 23 computers.   
      
   "*a* huge operation"?? think again... try "several" or "numerous"... there are   
   quite a few different groups fighting each other... many over farkin games...   
   some are just cheating... in all cases, they are building botnets so they can   
   DDOS other systems and cheat in their games or try to take someone else's   
   botnet bit by bit... or just be a festering boil because they have no proper   
   home training or upbringing... take your pick...   
      
    BF> Well, if you like me have Argus setup to answer incoming port 23   
    BF> calls, you probably know that there's very little double escape   
    BF> character response. So how do you handle this?   
      
   block'em at the perimeter via IDS/IPS and be done with them... stop screwing   
   around... if you don't have a perimeter firewall, you should get one... yeah, i   
    mean replacing that POC in the ISP modem thing... preferably a firewall with   
   an IDS/IPS so that you can write your own rules and block these MIRAI   
   variants...   
      
    BF> Originally I was planning on sending a huge response (as in typing a   
    BF> big exe-file) but I abandoned that idea since it meant that my system   
    BF> was hanging after the remote system quickly disconnected.   
      
   that type of retaliation won't do a damned thing... they won't even see it...   
   just block them and move on... or get off of 23 and 2323 and live a quiet   
   life... i've been writing about this stuff since july or august of MIRAI when i   
    first started writing IDS rules to detect the shite and block it... it is   
   exactly what my signature block talks of, too...   
      
   )\/(ark   
      
   Always Mount a Scratch Monkey   
   Do you manage your own servers? If you are not running an IDS/IPS yer doin' it   
   wrong...   
   ... It's lonely at the top, but you eat better.   
   ---   
    * Origin:  (1:3634/12.73)