Take a little protection with you
I mentioned before that we have an MPC (Managed Power Controller, a PDU to the rest of us) sitting out there on the Internet (mpc.wti.com). We leave open the protocols that should REALLY be closed when running in a real-world environment (i.e. Telnet, web, SNMPv1/v2) to see what kinds of attacks we can resist and which ones are causing trouble out there in the open.
The funny thing is, almost every night around 3am, some automated script bot (it looks like it is coming from China) makes about a dozen or so login attempts with varying IDs and passwords every time. I should mention that we have our Lockout feature turned off, else this bot from China would be cut off after xx amount of login attempts. We are using this unit as our honeypot, so the more the merrier.
One thing I noticed is that if we changed the default ports for Telnet, SSH and web, the script bot stopped trying after the first try. While I am not a big fan of Security by Obfuscation, I do think it can be a first line of defense against these unsophisticated types of attacks, and you can spend your time on the more informed hacker.
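To see what a lockout setting changes for a nightly burst like the one described above, the following added example (not code from the original post or from the MPC firmware) replays a constructed login log through a generic lockout policy. The log format, the addresses, the user names and the thresholds (3 failures in 5 minutes, 30 minute lock) are all assumptions, since the post does not give the unit's actual values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def constructed_log():
    """Constructed sample: a 12-attempt burst at 03:00 plus one operator typo."""
    start = datetime(2024, 1, 10, 3, 0, 0)
    lines = [f"{(start + timedelta(seconds=5 * i)).isoformat()} 203.0.113.7 user{i} FAIL"
             for i in range(12)]
    lines += ["2024-01-10T09:15:00 198.51.100.20 operator FAIL",
              "2024-01-10T09:15:20 198.51.100.20 operator OK"]
    return "\n".join(lines)

def simulate_lockout(log_text, max_failures=3,
                     window=timedelta(minutes=5), lock_for=timedelta(minutes=30)):
    """Replay 'timestamp source user result' lines through a lockout policy.

    Returns, per source, how many attempts were checked against credentials
    ('evaluated') and how many were refused while locked out ('blocked').
    """
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    locked_until = {}             # source -> time the lock expires
    stats = defaultdict(lambda: {"evaluated": 0, "blocked": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, src, _user, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        if src in locked_until and ts < locked_until[src]:
            stats[src]["blocked"] += 1        # refused without checking the password
            continue
        stats[src]["evaluated"] += 1
        if result == "OK":
            recent[src].clear()               # a good login resets the counter
            continue
        failures = recent[src]
        failures.append(ts)
        while failures and ts - failures[0] > window:
            failures.popleft()                # forget failures outside the window
        if len(failures) >= max_failures:
            locked_until[src] = ts + lock_for
            failures.clear()
    return {src: dict(counts) for src, counts in stats.items()}

if __name__ == "__main__":
    for src, counts in simulate_lockout(constructed_log()).items():
        print(src, counts)
```

With these assumed thresholds the burst gets three password guesses instead of twelve, while the operator who mistypes once is unaffected.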
See you at 3am
Later
