TSUBAME Report Overflow (Jan-Mar 2025)

This TSUBAME monitoring report (Jan–Mar 2025) summarizes FY2024 trends where Mirai-like scanning dominated traffic to port 23/TCP with notable spikes in May 2024, Sep–Dec 2024, and Feb–Mar 2025; affected devices included routers (TP-Link, ASUS), security cameras, DVRs, and NAS. TSUBAME sensors observed associated scans to other ports and DDoS reflection traffic, compared top scanned ports across sensors (23, 8728, 22, 8080, 80, ICMP, 6379), and recommends firmware updates, secure configuration, port hardening and use of tools like SHODAN and port scans to mitigate botnet infection and DDoS risks.