by   May 07 2012   
TelNet Port 23 Exploit Simple Service Probe with Smart IP patterns Recommended blocked IP range based on logs: 49.1.251.1 to 49.1.251.255

Simple Service Probe with Smart IP patterns

Normal service port probes come in patterns of 2 or more.

This time the pattern was random attempts with IP change

IPs could be spoofed but the pattern is good to drop below radar.

Attempt was TelNet Port 23 Exploit

Is this your network?

Is this your PatterN?

Times are based on 24 hour clock but they do not reflect actual time of log. The groups are based on time and seperated to show that IP addresses did not repeat during the Telnet 23 Exploit attempt.

Recommended blocked IP range based on logs:
49.1.251.1 to 49.1.251.255

  1. 49.1.251.229 device blocked port 3h 31m 41s
  2. 49.1.251.218 device blocked port 3h 31m 41s
  3. 49.1.251.195 device blocked port 3h 31m 41s
  4. 49.1.251.162 device blocked port 3h 31m 41s
  5. 49.1.251.137 device blocked port 3h 31m 41s
  6. 49.1.251.50 device blocked port 3h 31m 41s
  7. 49.1.251.91 device blocked port 3h 31m 41s
  8. 49.1.251.25 device blocked port 3h 31m 41s
  9. -
  10. 49.1.251.203 device blocked port 6h 1m 54s
  11. 49.1.251.174 device blocked port 6h 1m 54s
  12. 49.1.251.73 device blocked port 6h 1m 54s
  13. 49.1.251.139 device blocked port 6h 1m 54s
  14. 49.1.251.160 device blocked port 6h 1m 54s
  15. 49.1.251.61 device blocked port 6h 1m 54s
  16. 49.1.251.34 device blocked port 6h 1m 54s
  17. -
  18. 49.1.251.245 device blocked port 11h 18m 9s
  19. 49.1.251.244 device blocked port 11h 18m 9s
  20. 49.1.251.204 device blocked port 11h 18m 9s
  21. 49.1.251.33 device blocked port 11h 18m 9s
  22. 49.1.251.41 device blocked port 11h 18m 9s
  23. 49.1.251.68 device blocked port 11h 18m 9s
  24. 49.1.251.103 device blocked port 11h 18m 9s
  25. 49.1.251.119 device blocked port 11h 18m 9s
  26. -
  27. 49.1.251.243 device blocked port 12h 9m 32s
  28. 49.1.251.225 device blocked port 12h 9m 32s
  29. 49.1.251.196 device blocked port 12h 9m 32s
  30. 49.1.251.176 device blocked port 12h 9m 32s
  31. 49.1.251.163 device blocked port 12h 9m 32s
  32. 49.1.251.74 device blocked port 12h 9m 32s
  33. -
  34. 49.1.251.254 device blocked port 13h 13m 19s
  35. 49.1.251.152 device blocked port 18h 58m 45s
  36. -
  37. End Log

Have a Good Day!

 

 

 

TelNet Port 23 Exploit Simple Service Probe with Smart IP patterns Recommended blocked IP range based on logs: 49.1.251.1 to 49.1.251.255