Just a quick post today, but I wanted to give you some insight into the Telnet scans we have been seeing lately. Here are the passwords that have been used to target logins on port 23 on one of our HITME sensors in the United States. This particular system emulates a login, and the probes appear to be automated. We saw no evidence of any manual probes on this sensor in the last month that targeted telnet.
The passwords used in brute force attacks on telnet (used against the usual root/admin/etc users…):
Keep a careful eye on any systems with Telnet exposed to the Internet. They are a common attraction point to attackers.