Last week, the fact that someone leaked 1700 or so IP addresses with default username/password caused some people to get excited about the issue of default telnet credentials again. Ever since the “Mirai” outbreak, we do see a pretty constant stream of requests for port 23 (and to some extent 2323 as well as 22) searching for systems with default credentials. When Mirai came out, I did a quick experiment testing how long it would take to have a DVR with default credentials infected. So I decided to repeat this experiment, to see if anything changed. Using an actual vulnerable DVR vs. a honeypot will be more realistic and provide better results.
Article Link: https://isc.sans.edu/diary/rss/22762