Hello Lynwood, in my JNOS I had virtually a lot of connection attempts to port 23 from all parts of the world. To achieve forwarding to other BBSes I changed the telnet port to 2323, and that substantially lowered these attempts.
When I speak of attempts to port 23, these are evidence of brute force; it is almost impossible to have this port open, and the same goes for 20, 21, 443, etc.
73 Gabriel YV5KXE. Venezuela AmprNet Coordinator yv5kxe.ampr.org
Date: Thu, 29 Sep 2016 12:15:57 -0400
From: lleachii@aol.com
To: 44net@hamradio.ucsd.edu
Subject: [44net] Security - Telnet (port tcp/23)
Message-ID: 8c28faa2-76ff-45a9-06c6-1705433cf307@aol.com
Content-Type: text/plain; charset=windows-1252; format=flowed
All,
In June, we discussed a topic entitled: "Odd Username attempts at login" where Bill, KG6BAJ noticed odd connection attempts to his JNOS system via Telnet.
I have recently been working on my SNMP and NetFlow servers, and noticed quite a bit of Telnet connection attempts from Asia, Europe and South America. While I have also seen SSH, RDP, NTP, ICMP and VNC, by far the largest amount of traffic reaching my border interface is Telnet.
Doing some research, I discovered that NIC.CZ http://nic.cz/ has been operating the Turris Project. They have determined that these attempts are coming from a botnet of embedded devices that have Telnet vulnerabilities.
I have provided a link to those findings here: https://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-devices/
09-28 19:57:36 0.000 TCP 60.189.137.98:28940 -> 44.60.44.128:2323
09-28 19:57:55 0.000 TCP 115.219.124.37:49067 -> 44.60.44.133:23
09-28 19:57:55 0.000 TCP 222.124.85.17:34905 -> 44.60.44.133:23
09-28 19:57:52 5.552 TCP 190.67.215.114:29593 -> 44.60.44.6:23
09-28 19:58:03 0.123 TCP 115.219.124.37:21070 -> 44.60.44.133:23
09-28 19:58:54 0.000 TCP 116.102.62.182:37311 -> 44.60.44.135:23
Please be mindful.
73,
- Lynwood KB3VWG
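
Added example, not part of the original messages: a Python script that tallies Telnet-port flows per source and per target from records in the flow format quoted above. The sample records are constructed (documentation address ranges), and treating 2323 as a Telnet port alongside 23 is an assumption taken from the thread.

```python
import re
from collections import Counter

# Assumption: count 2323 as Telnet too, since the thread shows it being probed.
TELNET_PORTS = {23, 2323}

# One flow record: "MM-DD HH:MM:SS duration PROTO src:sport -> dst:dport"
FLOW_RE = re.compile(
    r"^(?P<date>\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d) (?P<dur>\d+\.\d+) "
    r"(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE = """\
09-28 19:57:36 0.000 TCP 198.51.100.7:28940 -> 192.0.2.128:2323
09-28 19:57:55 0.000 TCP 203.0.113.37:49067 -> 192.0.2.133:23
09-28 19:57:55 0.000 TCP 198.51.100.17:34905 -> 192.0.2.133:23
09-28 19:57:52 5.552 TCP 198.51.100.114:29593 -> 192.0.2.6:22
09-28 19:58:03 0.123 TCP 203.0.113.37:21070 -> 192.0.2.133:23
garbled line that should be skipped
"""

def parse_flows(text):
    """Yield one dict per well-formed record; silently skip anything else."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            rec["dur"] = float(rec["dur"])
            yield rec

def telnet_summary(text):
    """Count Telnet-port flows per source and per target, plus flows per port."""
    by_src, by_dst, by_port = Counter(), Counter(), Counter()
    for rec in parse_flows(text):
        by_port[rec["dport"]] += 1
        if rec["proto"] == "TCP" and rec["dport"] in TELNET_PORTS:
            by_src[rec["src"]] += 1
            by_dst[rec["dst"]] += 1
    return by_src, by_dst, by_port

if __name__ == "__main__":
    src, dst, port = telnet_summary(SAMPLE)
    print("top sources:", src.most_common(3))
    print("top targets:", dst.most_common(3))
    print("flows by destination port:", port.most_common())
```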