29 Sep
2016
29 Sep
'16
11:24 a.m.
As always, the best practice recommendation is to disable telnet logins
entirely as it represents a security issue because passwords pass over
the connection in clear plaintext.
- Brian
On Thu, Sep 29, 2016 at 12:15:57PM -0400, lleachii--- via 44Net wrote:
I have recently been working on my SNMP and NetFlow
servers, and
noticed quite a bit of Telnet connection attempts from Asia, Europe
and South America. While I have also seen SSH, RDP, NTP, ICMP and
VNC, by far the largest amount of traffic reaching my border
interface is Telnet.
Doing some research, I discovered that NIC.CZ has been operating the
Turris Project. They have determined that these attempts are coming
from a botnet of embedded devices that have Telnet vulnerabilities.
I have provided a link to those findings here:
https://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-…
Please be mindful.