I recommend disabling the access to unneeded
management services and to
the remaining ones, restricting the access to them from the networks
used by the administrators.
Of course. And we had that already in place on the routers inside our own part
of the network (which was deployed to facilitate our co-channel diversity repeater
network).
However, above I was discussing the settings on our internet gateway. I cannot control
what all the individual amateurs, with varying networking skills, do on their routers at
home,
but by filtering inbound connects to port 8291 I can protect them from the current
problem.
There now are 430.000 addresses in the scan I did last night. only net-44 addresses:
44.140.129.12
44-25-128-124.ip.hamwan.net[44.25.128.124]
44.34.131.144
But of course, when people start filtering outbound 8291 connections, it is not a complete
picture.
Rob