Mirai Botnet

The Mirai Botnet has been attributed to a large number of distributed denial of service (DDoS) attacks globally, including Dyn, a major Domain Name System company that supports Twitter, Netflix and Airbnb. The malware targets Internet of Things (IoT) devices with default credentials, such as webcams and CCTV cameras.

The ports that are impacted by Mirai include Ports 23/TCP & 2323/TCP. UBC is seeing substantial scanning activity on these ports. Port 23 is telnet (which is insecure), should not be directly accessed via the internet without the protection of encryption (e.g. VPN encapsulation). Port 2323 is 3d-nfsd, but is being used as an alternate telnet port by IoT devices.

On November 2, 2016, we will be blocking Ports 23 and 2323 inbound for all UBC IP space. Legitimate access to devices connected to these ports can be obtained via myVPN and then using the port to access the device.

For questions or concerns, please contact security@ubc.ca.

Additional Information
https://www.us-cert.gov/ncas/alerts/TA16-288A