It's pretty much part of the IBR now. And what can a provider do, really? It's not likely he will expend much effort blocking customers. Maybe we should all start filtering 2323?
-mel via cell > On Nov 16, 2016, at 11:53 AM, Stephen Satchell <l...@satchell.net> wrote: > > I've been seeing a lot of rejections in my logs for 2323/tcp. According > to the Storm Center, this is what the Mirai botnet scanner uses to look > for other target devices. > > Is it worthwhile to report sightings to the appropriate abuse addresses? > (That assumes there *is* an abuse address associated with the IPv4 > address that is the source.) Would administrations receiving these > notices do anything with them? > > Alternatively, is there anyone collecting this information from people > like me to expose the IP addresses of possible infections? > > I am toying with the idea of setting up a honey-pot, but I'm so far > behind with $DAYJOB that such a project will have to wait a bit. > > I want to be a good net citizen. I also want to make sure I'm not > wasting my time. > > Today's crop: > >> 1.34.169.183 >> 12.221.236.2 >> 14.138.22.12 >> 14.169.142.30 >> 14.174.71.158 >> 14.177.197.101 >> 31.168.146.33 >> 31.168.212.174 >> 36.71.224.179 >> 36.72.253.206 >> 37.106.18.86 >> 42.115.187.189 >> 42.117.254.248 >> 42.119.228.222 >> 43.225.195.180 >> 46.59.6.249 >> 49.114.192.91 >> 58.11.238.146 >> 58.186.231.59 >> 59.8.136.21 >> 59.49.191.4 >> 59.57.68.56 >> 59.126.35.47 >> 59.126.242.70 >> 59.127.104.67 >> 59.127.242.8 >> 60.251.125.125 >> 61.219.165.38 >> 73.84.152.194 >> 78.179.113.148 >> 78.186.61.30 >> 78.189.169.142 >> 78.226.222.234 >> 79.119.74.255 >> 81.16.8.193 >> 81.101.233.14 >> 81.214.121.43 >> 81.214.134.133 >> 81.214.137.197 >> 82.77.68.189 >> 83.233.40.141 >> 85.96.202.199 >> 85.99.121.41 >> 85.238.103.111 >> 86.121.225.48 >> 87.251.252.22 >> 88.249.224.167 >> 89.122.87.239 >> 89.151.128.198 >> 90.177.91.201 >> 92.53.52.235 >> 92.55.231.90 >> 94.31.239.178 >> 94.254.41.152 >> 94.255.162.90 >> 95.78.245.54 >> 95.106.34.92 >> 95.161.236.182 >> 96.57.103.19 >> 101.0.43.13 >> 108.203.68.245 >> 110.55.108.215 >> 110.136.233.10 >> 112.133.69.176 >> 112.165.93.130 >> 112.186.42.216 >> 113.5.224.110 >> 113.161.64.11 >> 113.169.18.153 >> 113.171.98.158 >> 113.172.4.204 >> 113.183.204.112 >> 113.188.44.246 >> 114.32.28.219 >> 114.32.87.32 >> 114.32.189.5 >> 114.34.29.167 >> 114.34.170.10 >> 114.35.153.123 >> 114.226.53.133 >> 115.76.127.118 >> 116.73.65.248 >> 116.100.170.92 >> 117.0.7.77 >> 117.1.26.234 >> 117.195.254.3 >> 118.32.44.99 >> 118.42.15.21 >> 118.43.112.120 >> 118.100.64.159 >> 118.163.191.208 >> 119.199.160.207 >> 119.202.78.47 >> 120.71.215.81 >> 121.129.203.22 >> 121.178.104.129 >> 121.180.53.143 >> 122.117.245.28 >> 123.9.72.86 >> 123.16.78.77 >> 123.23.49.149 >> 123.24.108.10 >> 123.24.250.187 >> 123.25.74.209 >> 123.27.159.13 >> 123.240.245.72 >> 124.66.99.251 >> 124.131.28.38 >> 125.166.193.206 >> 125.227.138.132 >> 138.204.203.66 >> 171.97.245.221 >> 171.224.7.147 >> 171.226.20.220 >> 171.232.118.93 >> 171.248.210.120 >> 171.249.223.213 >> 171.250.26.209 >> 173.56.21.67 >> 175.138.81.130 >> 175.203.202.232 >> 175.207.137.139 >> 175.211.251.156 >> 177.207.49.108 >> 177.207.67.170 >> 177.223.52.193 >> 178.222.246.96 >> 179.4.140.63 >> 179.235.55.39 >> 179.253.163.107 >> 180.73.117.62 >> 180.254.224.10 >> 182.37.156.98 >> 182.180.80.75 >> 182.180.123.43 >> 183.46.49.216 >> 183.144.245.235 >> 186.19.48.158 >> 186.69.170.130 >> 186.219.1.156 >> 187.104.248.17 >> 187.211.63.51 >> 188.209.153.15 >> 189.101.220.244 >> 189.234.9.147 >> 191.103.35.250 >> 191.180.198.31 >> 191.249.21.41 >> 196.207.83.23 >> 197.224.37.108 >> 201.243.225.103 >> 210.178.250.121 >> 211.7.146.51 >> 211.216.202.191 >> 213.5.216.213 >> 213.14.195.100 >> 213.170.76.149 >> 217.129.243.48 >> 218.161.121.178 >> 218.186.43.224 >> 220.85.169.133 >> 220.132.111.124 >> 220.133.24.142 >> 220.133.198.71 >> 220.133.234.229 >> 220.134.132.200 >> 220.134.193.133 >> 220.135.64.43 >> 221.145.147.78 >> 221.159.105.17 >> 221.167.64.53 >> 222.254.238.188 >> 223.154.223.159 >
