
Just a sample of the Echomail archive


 Message 549 
 mark lewis to Björn Felten 
 How to handle the port 23 script kiddies 
 16 Mar 18 11:43:38 
 
 On 2018 Mar 14 00:41:12, you wrote to All:

 BF> I really do want to keep my port 23 open, so that my users can telnet
 BF> to my BBS.

ok... you can do that...

 BF> But as most of you probably know, there's a huge operation going on
 BF> with hijacked computers trying to connect to other port 23 computers.

"*a* huge operation"?? think again... try "several" or "numerous"... there are
quite a few different groups fighting each other... many over farkin games...
some are just cheating... in all cases, they are building botnets so they can
DDOS other systems and cheat in their games or try to take someone else's
botnet bit by bit... or just be a festering boil because they have no proper
home training or upbringing... take your pick...

 BF> Well, if you like me have Argus setup to answer incoming port 23
 BF> calls, you probably know that there's very little double escape
 BF> character response. So how do you handle this?

block'em at the perimeter via IDS/IPS and be done with them... stop screwing
around... if you don't have a perimeter firewall, you should get one... yeah, i
mean replacing that POC in the ISP modem thing... preferably a firewall with
an IDS/IPS so that you can write your own rules and block these MIRAI
variants...

 BF> Originally I was planning on sending a huge response (as in typing a
 BF> big exe-file) but I abandoned that idea since it meant that my system
 BF> was hanging after the remote system quickly disconnected.

that type of retaliation won't do a damned thing... they won't even see it...
just block them and move on... or get off of 23 and 2323 and live a quiet
life... i've been writing about this stuff since july or august of MIRAI when i
first started writing IDS rules to detect the shite and block it... it is
exactly what my signature block talks of, too...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... It's lonely at the top, but you eat better.
---
 * Origin:  (1:3634/12.73)


(c) 1994,  bbs@darkrealms.ca