I recommend disabling the access to unneeded management services and to the remaining ones, restricting the access to them from the networks used by the administrators.

Of course. And we had that already in place on the routers inside our own part of the network (which was deployed to facilitate our co-channel diversity repeater network).

However, above I was discussing the settings on our internet gateway. I cannot control what all the individual amateurs, with varying networking skills, do on their routers at home, but by filtering inbound connects to port 8291 I can protect them from the current problem.

There now are 430.000 addresses in the scan I did last night. only net-44 addresses:

44.140.129.12 44-25-128-124.ip.hamwan.net[44.25.128.124] 44.34.131.144

But of course, when people start filtering outbound 8291 connections, it is not a complete picture.

Rob