Probably best to go with A) what we could do in the best of situations and B) what the rest will do. Some of us are last mile networks and *DO* care. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Mel Beckman" <mel@beckman.org> To: list@satchell.net Cc: nanog@nanog.org Sent: Wednesday, November 16, 2016 11:25:34 AM Subject: Re: Port 2323/tcp It's pretty much part of the IBR now. And what can a provider do, really? It's not likely he will expend much effort blocking customers. Maybe we should all start filtering 2323? -mel via cell
On Nov 16, 2016, at 11:53 AM, Stephen Satchell <list@satchell.net> wrote:
I've been seeing a lot of rejections in my logs for 2323/tcp. According to the Storm Center, this is what the Mirai botnet scanner uses to look for other target devices.
Is it worthwhile to report sightings to the appropriate abuse addresses? (That assumes there *is* an abuse address associated with the IPv4 address that is the source.) Would administrations receiving these notices do anything with them?
Alternatively, is there anyone collecting this information from people like me to expose the IP addresses of possible infections?
I am toying with the idea of setting up a honey-pot, but I'm so far behind with $DAYJOB that such a project will have to wait a bit.
I want to be a good net citizen. I also want to make sure I'm not wasting my time.
Today's crop:
1.34.169.183 12.221.236.2 14.138.22.12 14.169.142.30 14.174.71.158 14.177.197.101 31.168.146.33 31.168.212.174 36.71.224.179 36.72.253.206 37.106.18.86 42.115.187.189 42.117.254.248 42.119.228.222 43.225.195.180 46.59.6.249 49.114.192.91 58.11.238.146 58.186.231.59 59.8.136.21 59.49.191.4 59.57.68.56 59.126.35.47 59.126.242.70 59.127.104.67 59.127.242.8 60.251.125.125 61.219.165.38 73.84.152.194 78.179.113.148 78.186.61.30 78.189.169.142 78.226.222.234 79.119.74.255 81.16.8.193 81.101.233.14 81.214.121.43 81.214.134.133 81.214.137.197 82.77.68.189 83.233.40.141 85.96.202.199 85.99.121.41 85.238.103.111 86.121.225.48 87.251.252.22 88.249.224.167 89.122.87.239 89.151.128.198 90.177.91.201 92.53.52.235 92.55.231.90 94.31.239.178 94.254.41.152 94.255.162.90 95.78.245.54 95.106.34.92 95.161.236.182 96.57.103.19 101.0.43.13 108.203.68.245 110.55.108.215 110.136.233.10 112.133.69.176 112.165.93.130 112.186.42.216 113.5.224.110 113.161.64.11 113.169.18.153 113.171.98.158 113.172.4.204 113.183.204.112 113.188.44.246 114.32.28.219 114.32.87.32 114.32.189.5 114.34.29.167 114.34.170.10 114.35.153.123 114.226.53.133 115.76.127.118 116.73.65.248 116.100.170.92 117.0.7.77 117.1.26.234 117.195.254.3 118.32.44.99 118.42.15.21 118.43.112.120 118.100.64.159 118.163.191.208 119.199.160.207 119.202.78.47 120.71.215.81 121.129.203.22 121.178.104.129 121.180.53.143 122.117.245.28 123.9.72.86 123.16.78.77 123.23.49.149 123.24.108.10 123.24.250.187 123.25.74.209 123.27.159.13 123.240.245.72 124.66.99.251 124.131.28.38 125.166.193.206 125.227.138.132 138.204.203.66 171.97.245.221 171.224.7.147 171.226.20.220 171.232.118.93 171.248.210.120 171.249.223.213 171.250.26.209 173.56.21.67 175.138.81.130 175.203.202.232 175.207.137.139 175.211.251.156 177.207.49.108 177.207.67.170 177.223.52.193 178.222.246.96 179.4.140.63 179.235.55.39 179.253.163.107 180.73.117.62 180.254.224.10 182.37.156.98 182.180.80.75 182.180.123.43 183.46.49.216 183.144.245.235 186.19.48.158 186.69.170.130 186.219.1.156 187.104.248.17 187.211.63.51 188.209.153.15 189.101.220.244 189.234.9.147 191.103.35.250 191.180.198.31 191.249.21.41 196.207.83.23 197.224.37.108 201.243.225.103 210.178.250.121 211.7.146.51 211.216.202.191 213.5.216.213 213.14.195.100 213.170.76.149 217.129.243.48 218.161.121.178 218.186.43.224 220.85.169.133 220.132.111.124 220.133.24.142 220.133.198.71 220.133.234.229 220.134.132.200 220.134.193.133 220.135.64.43 221.145.147.78 221.159.105.17 221.167.64.53 222.254.238.188 223.154.223.159