Security - Mirai Change default login

2 posts / 0 new
Last post
Adrian
Security - Mirai Change default login

The Mirai botnet DNS denial of service attack that recently brought down the internet exploited IoT devices including the Raspberry Pi default user name and login. If your Pi is connected to the internet using ssh or other means it is quite possible the Mirai botnet was installed.
I don't know how to check for it but I understand the attacks continue. If anyone has further details or knows how to identify and eliminate it please post a followup.

Adrian
Mirai not targeting the Pi

Apparently the Pi was not a specific target of Mirai as I had feared. It's still important to change default user and passwords especially if using port forwarding for remote access. The ports targeted were 22 and 23 (ssh and telnet), it is recommended these ports are not forwarded to their external defaults. If you do forward we typically use 8022 and 8023 external.
Consider running a web based port scanner on your WAN (router) IP common ports, you may find vulnerabilities as I did.

Adrian Ogden

Log in to post comments