I've noticed that the Telnet module seems prone to having dead sessions lingering around. This here appears to be the result of a port scan or some other kind of bot activity:
# PROTOCOL ELAPSED TRM SZE USER MENU/PAGE IP ADDRESS RPORT E B TID RFD WFD MST SLV SPY SLV NAME
1 TDD 38:29:32 0x 0 <Not Logged In> 15.235.130.209 50694 Y Y -1 25 25 -1 -1 -1
2 TDD 63:14:15 0x 0 <Not Logged In> 103.138.109.148 51092 Y Y -1 29 29 -1 -1 -1
3 TDD 63:14:15 0x 0 <Not Logged In> 103.138.109.148 51093 Y Y -1 30 30 -1 -1 -1
4 TDD 63:13:59 0x 0 <Not Logged In> 103.138.109.148 52258 Y Y 24246 31 31 -1 -1 -1
5 TDD 63:13:59 0x 0 <Not Logged In> 103.138.109.148 52263 Y Y 24246 32 32 -1 -1 -1
6 TELNETS 62:38:06 0x 0 <Not Logged In> 103.138.109.148 53791 Y Y -1 33 33 -1 -1 -1
7 TELNETS 62:38:06 0x 0 <Not Logged In> 103.138.109.148 53790 Y Y -1 34 34 -1 -1 -1
8 TELNETS 62:37:51 0x 0 <Not Logged In> 103.138.109.148 54326 Y Y -1 35 35 -1 -1 -1
9 TELNETS 62:37:51 0x 0 <Not Logged In> 103.138.109.148 54325 Y Y -1 36 36 -1 -1 -1
10 TDD 38:29:16 0x 0 <Not Logged In> 15.235.130.209 52215 Y Y -1 26 26 -1 -1 -1
11 TDD 38:29:16 0x 0 <Not Logged In> 15.235.130.209 52224 Y Y -1 27 27 -1 -1 -1
12 TELNETS 37:54:36 0x 0 <Not Logged In> 15.235.130.209 57809 Y Y -1 28 28 -1 -1 -1
13 TDD 38:29:32 0x 0 <Not Logged In> 15.235.130.209 50682 Y Y -1 39 39 -1 -1 -1
14 TELNETS 37:54:36 0x 0 <Not Logged In> 15.235.130.209 57810 Y Y -1 37 37 -1 -1 -1
15 TELNETS 37:54:20 0x 0 <Not Logged In> 15.235.130.209 58325 Y Y -1 38 38 -1 -1 -1
16 TELNETS 37:54:20 0x 0 <Not Logged In> 15.235.130.209 58326 Y Y -1 40 40 -1 -1 -1
17 TDD 15:17:21 0x 0 <Not Logged In> 51.79.169.4 61699 Y Y -1 41 41 -1 -1 -1
18 TELNETS 30:53:21 0x 0 <Not Logged In> 159.203.71.159 56398 Y Y -1 48 48 -1 -1 -1
19 TDD 15:17:06 0x 0 <Not Logged In> 51.79.169.4 62358 Y Y -1 42 42 -1 -1 -1
20 TDD 22:04:58 0x 0 <Not Logged In> 178.32.43.185 60000 Y Y -1 53 53 -1 -1 -1
21 TDD 15:17:06 0x 0 <Not Logged In> 51.79.169.4 62360 Y Y -1 43 43 -1 -1 -1
22 TELNETS 14:42:18 0x 0 <Not Logged In> 51.79.169.4 51540 Y Y -1 44 44 -1 -1 -1
23 TDD 15:17:21 0x 0 <Not Logged In> 51.79.169.4 61694 Y Y -1 47 47 -1 -1 -1
24 TELNETS 14:42:18 0x 0 <Not Logged In> 51.79.169.4 51542 Y Y -1 45 45 -1 -1 -1
25 TELNETS 14:42:03 0x 0 <Not Logged In> 51.79.169.4 52100 Y Y -1 46 46 -1 -1 -1
26 TELNETS 14:42:03 0x 0 <Not Logged In> 51.79.169.4 52101 Y Y -1 49 49 -1 -1 -1
The dead sessions linger forever, although if kicked the nodes will go away. Some red flags here are:
Node sessions with either the same thread or no thread at all (-1)
I've noticed that the Telnet module seems prone to having dead sessions lingering around. This here appears to be the result of a port scan or some other kind of bot activity:
The dead sessions linger forever, although if kicked the nodes will go away. Some red flags here are: