j b l wrote in a message to mark lewis:   
      
    jbl>  Re: Unwanted connections to port 23.   
    jbl>  By: mark lewis to Ignatius on Mon Jun 12 2017 04:35 am   
      
      
    ML> intrusion detection systems are the only things i've seen that   
    ML> come close   
    ML> but the connection and attempted login still has to take place... the   
    ML> *ONLY* other option is to get off of port 23 and the other few   
    ML> that MIRAI   
    ML> specifically targets... that includes the default SSH port as well...   
      
    jbl> I've just come across a utility, called "PSAD", it is a port   
    jbl> scanning utility.. if the "danger level" meets a certain   
    jbl> threshold, it will automatically block the offending IP address.   
    jbl> Pretty cool. I'm still testing it out at the moment, but this may   
    jbl> be what i've been looking for.   
      
   I have minimized these attempts with the following entries in sbbs.ini:   
      
   LoginAttemptDelay = 50000   
   LoginAttemptThrottle = 50000   
   LoginAttemptHackThreshold = 3   
   LoginAttemptBanThreshold = 3   
      
   Assume a bot attempts a login as Root. Root does not exist in the user files.   
   The 50000 value will pause the next login prompt 45 seconds before another   
   login name can be entered. This is usually enough time for the bot to move on   
   to its next victim. The downside is, if a real user accidentally places a typo   
   in their login name, they will have to wait 45 seconds before they are   
   prompted for their login name again. That can be remedied with a warning   
   screen prior to the login prompt, letting your users know that because of   
   automated hacking bots, failed login attempts will be paused 45 seconds before   
   the next login attempt will be accepted.   
      
   It works well here.   
      
   Regards,   
      
    Joe    
   --- timEd/386 1.10+   
    * Origin: Fire on the Bayou BBS - bayouflames.ddns.net (1:3828/12)