All,
In June, we discussed a topic entitled "Odd Username attempts at login",
where Bill, KG6BAJ, noticed odd connection attempts to his JNOS system
via Telnet.
I have recently been working on my SNMP and NetFlow servers, and noticed
quite a few Telnet connection attempts from Asia, Europe and South
America. While I have also seen SSH, RDP, NTP, ICMP and VNC, by far the
largest amount of traffic reaching my border interface is Telnet.
Doing some research, I discovered that NIC.CZ has been operating the
Turris Project. They have determined that these attempts are coming from
a botnet of embedded devices that have Telnet vulnerabilities.
I have provided a link to those findings here:
https://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-…
09-28 19:57:36 0.000 TCP 60.189.137.98:28940 -> 44.60.44.128:2323
09-28 19:57:55 0.000 TCP 115.219.124.37:49067 -> 44.60.44.133:23
09-28 19:57:55 0.000 TCP 222.124.85.17:34905 -> 44.60.44.133:23
09-28 19:57:52 5.552 TCP 190.67.215.114:29593 -> 44.60.44.6:23
09-28 19:58:03 0.123 TCP 115.219.124.37:21070 -> 44.60.44.133:23
09-28 19:58:54 0.000 TCP 116.102.62.182:37311 -> 44.60.44.135:23
Please be mindful.
73,
- Lynwood
KB3VWG
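As an added example (not part of Lynwood's post), the following script parses flow records in the format quoted above and tallies Telnet-port attempts per source host and per destination port, so a similar NetFlow export can be checked for the pattern he describes. It assumes the one-flow-per-line layout shown in the post and treats destination port 2323 as Telnet alongside 23 only because 2323 appears in the quoted records.

```python
"""Parse NetFlow-style summary lines and tally Telnet connection attempts."""
import re
from collections import Counter

# Ports counted as Telnet: 23 is the registered port; 2323 is included
# because it appears as a destination in the quoted flow records.
TELNET_PORTS = {23, 2323}

# One flow per line: "MM-DD HH:MM:SS duration PROTO src:port -> dst:port"
FLOW_RE = re.compile(
    r"^(\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+\.\d+) (\w+) "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)$"
)

def parse_flow(line):
    """Return a dict for one flow line, or None if the line does not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    date, clock, dur, proto, src, sport, dst, dport = m.groups()
    return {"date": date, "time": clock, "duration": float(dur), "proto": proto,
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport)}

def summarize_telnet(lines):
    """Count TCP flows to Telnet ports by source host and by destination port.
    Returns (per_source, per_dport, skipped); skipped counts unparsable lines."""
    per_source, per_dport, skipped = Counter(), Counter(), 0
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            skipped += 1
            continue
        if flow["proto"] == "TCP" and flow["dport"] in TELNET_PORTS:
            per_source[flow["src"]] += 1
            per_dport[flow["dport"]] += 1
    return per_source, per_dport, skipped

# Sample input: the six flow records quoted in the post above.
SAMPLE = """\
09-28 19:57:36 0.000 TCP 60.189.137.98:28940 -> 44.60.44.128:2323
09-28 19:57:55 0.000 TCP 115.219.124.37:49067 -> 44.60.44.133:23
09-28 19:57:55 0.000 TCP 222.124.85.17:34905 -> 44.60.44.133:23
09-28 19:57:52 5.552 TCP 190.67.215.114:29593 -> 44.60.44.6:23
09-28 19:58:03 0.123 TCP 115.219.124.37:21070 -> 44.60.44.133:23
09-28 19:58:54 0.000 TCP 116.102.62.182:37311 -> 44.60.44.135:23
"""

if __name__ == "__main__":
    by_src, by_port, bad = summarize_telnet(SAMPLE.splitlines())
    for src, n in by_src.most_common():
        print(f"{src:16} {n} Telnet attempt(s)")
    print("by destination port:", dict(by_port), "unparsed lines:", bad)
```

Feeding it a full day of flow records shows at a glance which sources repeat (115.219.124.37 appears twice in the sample) and how much of the noise targets port 23 versus 2323.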