Finding Mirai
Here is a list of tips for identifying Mirai in your network:
- Infected devices actively scan ports 23 and 2323 for vulnerable devices. Expect a lot of SYN traffic in your network.
- Outbound connections to 65.222.202.53 on port 80. System administrators can identify vulnerable devices by looking in flow data for traffic towards address 65.222.202.53, TCP port 80.
- Devices open TCP port 48101.
- Devices make DNS lookups using 8.8.8.8.
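
The four tips above combined into one check over flow records, as an added example that is not part of the original page: it records which indicators each host matches and ranks hosts by how many they match. The flow record layout, the sample flows, the scan threshold and the function names are assumptions made for this example.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample flows (not real traffic): src,sport,dst,dport,proto,tcp_flags
SAMPLE_FLOWS = """\
10.0.0.7,40001,198.51.100.1,23,tcp,S
10.0.0.7,40002,198.51.100.2,2323,tcp,S
10.0.0.7,40003,198.51.100.3,23,tcp,S
10.0.0.7,40004,65.222.202.53,80,tcp,S
10.0.0.7,40005,8.8.8.8,53,udp,
10.0.0.9,51000,10.0.0.7,48101,tcp,S
10.0.0.7,48101,10.0.0.9,51000,tcp,SA
10.0.0.8,50000,8.8.8.8,53,udp,
10.0.0.8,50001,203.0.113.5,443,tcp,S
"""

TELNET_PORTS = {23, 2323}
LISTED_DST = ("65.222.202.53", 80)  # address and port named in the list above
SCAN_THRESHOLD = 3  # assumption: distinct telnet targets needed to call it a scan

def find_mirai_indicators(flow_csv, scan_threshold=SCAN_THRESHOLD):
    """Return {host: sorted indicator names} for hosts matching any tip."""
    telnet_targets = defaultdict(set)
    hits = defaultdict(set)
    for src, sport, dst, dport, proto, flags in csv.reader(StringIO(flow_csv)):
        sport, dport = int(sport), int(dport)
        if proto == "tcp":
            if dport in TELNET_PORTS and flags == "S":
                telnet_targets[src].add(dst)  # bare SYN to a telnet port
            if (dst, dport) == LISTED_DST:
                hits[src].add("outbound-65.222.202.53:80")
            if sport == 48101 and flags == "SA":
                hits[src].add("tcp-48101-open")  # SYN-ACK sent from 48101
        elif proto == "udp" and (dst, dport) == ("8.8.8.8", 53):
            hits[src].add("dns-via-8.8.8.8")
    for src, targets in telnet_targets.items():
        if len(targets) >= scan_threshold:
            hits[src].add("telnet-scan")
    return {host: sorted(names) for host, names in hits.items()}

def rank_hosts(indicators):
    """Order hosts by number of distinct indicators matched, most first."""
    return sorted(indicators, key=lambda h: (-len(indicators[h]), h))

if __name__ == "__main__":
    found = find_mirai_indicators(SAMPLE_FLOWS)
    for host in rank_hosts(found):
        print(host, found[host])
```

In the sample, 10.0.0.7 matches all four tips, while 10.0.0.8 matches only the 8.8.8.8 lookup and ranks below it.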