[192714] in North American Network Operators' Group
Re: Port 2323/tcp
daemon@ATHENA.MIT.EDU (Mike Hammett)
Wed Nov 16 12:38:53 2016
X-Original-To: nanog@nanog.org
Date: Wed, 16 Nov 2016 11:38:44 -0600 (CST)
From: Mike Hammett <nanog@ics-il.net>
Cc: nanog@nanog.org
In-Reply-To: <E82EDBEA-0BC9-45C5-A673-AA7377978D95@beckman.org>
Errors-To: nanog-bounces@nanog.org
Probably best to go with A) what we could do in the best of situations and B) what the rest will do.
Some of us are last mile networks and *DO* care.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "Mel Beckman" <mel@beckman.org>
To: list@satchell.net
Cc: nanog@nanog.org
Sent: Wednesday, November 16, 2016 11:25:34 AM
Subject: Re: Port 2323/tcp
It's pretty much part of the IBR now. And what can a provider do, really? It's not likely he will expend much effort blocking customers. Maybe we should all start filtering 2323?
-mel via cell
> On Nov 16, 2016, at 11:53 AM, Stephen Satchell <list@satchell.net> wrote:
>
> I've been seeing a lot of rejections in my logs for 2323/tcp. According
> to the Storm Center, this is what the Mirai botnet scanner uses to look
> for other target devices.
>
> Is it worthwhile to report sightings to the appropriate abuse addresses?
> (That assumes there *is* an abuse address associated with the IPv4
> address that is the source.) Would administrations receiving these
> notices do anything with them?
>
> Alternatively, is there anyone collecting this information from people
> like me to expose the IP addresses of possible infections?
>
> I am toying with the idea of setting up a honey-pot, but I'm so far
> behind with $DAYJOB that such a project will have to wait a bit.
>
> I want to be a good net citizen. I also want to make sure I'm not
> wasting my time.
>
> Today's crop:
>
>> 1.34.169.183
>> 12.221.236.2
>> 14.138.22.12
>> 14.169.142.30
>> 14.174.71.158
>> 14.177.197.101
>> 31.168.146.33
>> 31.168.212.174
>> 36.71.224.179
>> 36.72.253.206
>> 37.106.18.86
>> 42.115.187.189
>> 42.117.254.248
>> 42.119.228.222
>> 43.225.195.180
>> 46.59.6.249
>> 49.114.192.91
>> 58.11.238.146
>> 58.186.231.59
>> 59.8.136.21
>> 59.49.191.4
>> 59.57.68.56
>> 59.126.35.47
>> 59.126.242.70
>> 59.127.104.67
>> 59.127.242.8
>> 60.251.125.125
>> 61.219.165.38
>> 73.84.152.194
>> 78.179.113.148
>> 78.186.61.30
>> 78.189.169.142
>> 78.226.222.234
>> 79.119.74.255
>> 81.16.8.193
>> 81.101.233.14
>> 81.214.121.43
>> 81.214.134.133
>> 81.214.137.197
>> 82.77.68.189
>> 83.233.40.141
>> 85.96.202.199
>> 85.99.121.41
>> 85.238.103.111
>> 86.121.225.48
>> 87.251.252.22
>> 88.249.224.167
>> 89.122.87.239
>> 89.151.128.198
>> 90.177.91.201
>> 92.53.52.235
>> 92.55.231.90
>> 94.31.239.178
>> 94.254.41.152
>> 94.255.162.90
>> 95.78.245.54
>> 95.106.34.92
>> 95.161.236.182
>> 96.57.103.19
>> 101.0.43.13
>> 108.203.68.245
>> 110.55.108.215
>> 110.136.233.10
>> 112.133.69.176
>> 112.165.93.130
>> 112.186.42.216
>> 113.5.224.110
>> 113.161.64.11
>> 113.169.18.153
>> 113.171.98.158
>> 113.172.4.204
>> 113.183.204.112
>> 113.188.44.246
>> 114.32.28.219
>> 114.32.87.32
>> 114.32.189.5
>> 114.34.29.167
>> 114.34.170.10
>> 114.35.153.123
>> 114.226.53.133
>> 115.76.127.118
>> 116.73.65.248
>> 116.100.170.92
>> 117.0.7.77
>> 117.1.26.234
>> 117.195.254.3
>> 118.32.44.99
>> 118.42.15.21
>> 118.43.112.120
>> 118.100.64.159
>> 118.163.191.208
>> 119.199.160.207
>> 119.202.78.47
>> 120.71.215.81
>> 121.129.203.22
>> 121.178.104.129
>> 121.180.53.143
>> 122.117.245.28
>> 123.9.72.86
>> 123.16.78.77
>> 123.23.49.149
>> 123.24.108.10
>> 123.24.250.187
>> 123.25.74.209
>> 123.27.159.13
>> 123.240.245.72
>> 124.66.99.251
>> 124.131.28.38
>> 125.166.193.206
>> 125.227.138.132
>> 138.204.203.66
>> 171.97.245.221
>> 171.224.7.147
>> 171.226.20.220
>> 171.232.118.93
>> 171.248.210.120
>> 171.249.223.213
>> 171.250.26.209
>> 173.56.21.67
>> 175.138.81.130
>> 175.203.202.232
>> 175.207.137.139
>> 175.211.251.156
>> 177.207.49.108
>> 177.207.67.170
>> 177.223.52.193
>> 178.222.246.96
>> 179.4.140.63
>> 179.235.55.39
>> 179.253.163.107
>> 180.73.117.62
>> 180.254.224.10
>> 182.37.156.98
>> 182.180.80.75
>> 182.180.123.43
>> 183.46.49.216
>> 183.144.245.235
>> 186.19.48.158
>> 186.69.170.130
>> 186.219.1.156
>> 187.104.248.17
>> 187.211.63.51
>> 188.209.153.15
>> 189.101.220.244
>> 189.234.9.147
>> 191.103.35.250
>> 191.180.198.31
>> 191.249.21.41
>> 196.207.83.23
>> 197.224.37.108
>> 201.243.225.103
>> 210.178.250.121
>> 211.7.146.51
>> 211.216.202.191
>> 213.5.216.213
>> 213.14.195.100
>> 213.170.76.149
>> 217.129.243.48
>> 218.161.121.178
>> 218.186.43.224
>> 220.85.169.133
>> 220.132.111.124
>> 220.133.24.142
>> 220.133.198.71
>> 220.133.234.229
>> 220.134.132.200
>> 220.134.193.133
>> 220.135.64.43
>> 221.145.147.78
>> 221.159.105.17
>> 221.167.64.53
>> 222.254.238.188
>> 223.154.223.159
>
