As always, the best practice recommendation is to disable telnet logins entirely as it represents a security issue because passwords pass over the connection in clear plaintext.
- Brian
On Thu, Sep 29, 2016 at 12:15:57PM -0400, lleachii--- via 44Net wrote:
I have recently been working on my SNMP and NetFlow servers, and noticed quite a few Telnet connection attempts from Asia, Europe and South America. While I have also seen SSH, RDP, NTP, ICMP and VNC, by far the largest amount of traffic reaching my border interface is Telnet.
Doing some research, I discovered that NIC.CZ has been operating the Turris Project. They have determined that these attempts are coming from a botnet of embedded devices that have Telnet vulnerabilities.
I have provided a link to those findings here: https://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-d...
Please be mindful.