On 2017 May 21 23:52:22, you wrote to All:   
      
    JL> I want to run my board on port 23, but I keep getting unwanted connections   
    JL> to it. Mostly from Chinese hackers, I presume.   
      
   nope... most likely they are MIRIA trying to figure out if your BBS is a DVR,   
   a (not so) smart TV, an IP Camera or a vulnerable router... my old school   
   frontdoor mailer shows their connection attempts to me all the time... it is   
   why i was one of the very first to raise alerts to them and also be able to   
   develop detection rules for the IDS software that i run... some of the   
   connections attempt logins and issue busybox commands while others just sit   
   until the mailer times out and drops them to the BBS where they will sit until   
   the BBS times out or they start their login attempt and get booted...   
      
   in fact, i just caught another new variant using PEIN instead of MIRAI as   
   their watchword... so far my system is tracking at least 17 known variants...   
   each using a different watchword to detect the end of their command execution   
   attempts...   
      
    JL> Anyone know a way to solve this, with iptables or the like?   
      
   there is some majik that can be cast that way but i prefer to run an intrusion   
   detection system with an automatic reaction tool... but i do this on my   
   perimeter firewall instead of on any of the BBS or server machines...   
      
   anyway, janis has some iptables recipe that she's using on her port 23 to try   
   to mitigate this... or she did... i have a brain cell kicking me and saying   
   that she did move from port 23 like so many other folks have done...   
      
   )\/(ark   
      
   Always Mount a Scratch Monkey   
   Do you manage your own servers? If you are not running an IDS/IPS yer doin' it   
   wrong...   
   ... Yellowknife - Many are cold but few are frozen.   
   ---   
    * Origin:  (1:3634/12.73)