'Twas Nov 22 when gabriel rosenkoetter wrote: > On Thu, Nov 22, 2001 at 11:24:43AM +0200, Marco Slaviero wrote: > > The user has restricted (sftp, and a change passwd script) access to the box. > > It does not seem to be the crc32 attack. The user logged on about 136 time in > > an hour, and disconnected almost immediately. Anyone seen this before? > > You've ruled out broken client software on the user's end, I trust? > > -- > ~ g r @ eclipsed.net > It does not appear to be so. The user had successfully logged on. He had a session running for about 10 minutes, and the attempts were still coming in. Regards Marco Slaviero "Ruthless logic is the sign of a limited mind" -- Doc ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 08:23:23 PST