What is happening on 2323/TCP?
A number of sources, including DShield, have noticed an uptick on port 2323 TCP beginning around 3 weeks ago.
This is the scanner portion of the Mirai botnet scanning for IoT devices on both 23/TCP and 2323/TCP. There are a number of IoT devices that use port 2323/TCP as an alternate port for Telnet. Those who have setup listeners on port 2323 are seeing brute force credential attacks utilizing a small dictionary.
The Mirai botnet iwas used to attempt to DDOS Brian Krebs website i and ifor the nearly 1 Tbps DDOS against OVH in late September
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
Keywords:
2 comment(s)
×
Diary Archives
Comments
Anonymous
Oct 7th 2016
8 years ago
Anonymous
Oct 14th 2016
8 years ago