A review of all inbound connection over the past 3 weeks against my honeypot shows the top 2 targeted services were no surprise; a large amount of SSH (22, 2222) activity followed by Telnet (23) which Shodan still identifies over 2.7M hosts exposed to the Internet. I previous did a diary [5,6] comparing SSH ports & banners as well as Telnet and RDP [7] on which the type of activity being logged hasn't really changed over time. One port that I was surprised to see as part of my top 5 was 6379, "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker."[8] Indicators 218.92.0.202 (12,081) [1] https://www.shodan.io/search?query=port:23 ----------- |
Guy 522 Posts ISC Handler Jan 16th 2022 |
Thread locked Subscribe |
Jan 16th 2022 4 months ago |
Sign Up for Free or Log In to start participating in the conversation!