Port 23 (tcp/udp) Attack Activity

Port Information
Protocol	Service	Name
tcp	telnet	Telnet
udp	telnet	Telnet
tcp	ADMworm	[trojan] ADM worm
tcp	FireHacKer	[trojan] Fire HacKer
tcp	MyVeryOwntrojan	[trojan] My Very Own trojan
tcp	RTB666	[trojan] RTB 666
tcp	TelnetPro	[trojan] Telnet Pro
tcp	TinyTelnetServer	[trojan] Tiny Telnet Server - TTS
tcp	TruvaAtl	[trojan] Truva Atl

Port diary mentions
URL
Distributed FTPPort 21 scan follow-up; Port 23 scan increases;
Something new on Telnet?
Solaris worm?
America's Got Telnet !
Increase in Port 23 (telnet) scanning
What is happening on 2323TCP?
Ongoing Scans Below the Radar
WTF tcp port 81

User Comments
Submitted By	Date
Comment
	2015-12-27 03:19:02
say, another thought, there's a "Snort" rule that appears to alert if a Juniper Network backdoor password attempt was made. (https://gist.github.com/fox-srt/ca94b350f2a91bd8ed3f) does that mean that, with all these port 23 hits happening, that the Juniper backdoor could have been found years ago by pretty much anyone on the Internet who just monitored the actual packets they were being probed with? if any of them were actually such attempts. maybe they'd have to use it to do some scanning themselves to find what it was for though. does anyone do that?
	2015-12-27 03:18:55
Gee, activity on this ssl port became really strong around the middle of 2012, and the Juniper Networks ssl backdoor showed up around the middle of 2012. Only nobody knew it then. How did that happen?

CVE Links
CVE #	Description
CVE-2001-0797
CVE-2015-0014	Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."