There are a number of utilities to do that. When I do penetration testing, I normally use a .c file that somebody named pop3hack from my linux box. I don't even know what the original source was anymore...but, to answer your question....yes they're available. The more important question is who was trying? That doesn't sounds like a 'random' scan to me. -----Original Message----- From: Tom Fischer [mailto:rustomfiat_private-stuttgart.de]On Behalf Of Tom Fischer Sent: Monday, March 31, 2003 7:11 AM To: incidentsat_private Subject: POP3 logon attempts Hi, some of our POP3 servers got DoSed cause of massive password probes against following accounts: admin backup data master oracle root server sybase test user web webmaster Does someone know a tool which will brute force these accounts? -- Tom Fischer Tom.Fischerat_private-stuttgart.de RUS-CERT University of Stuttgart Tel:+49 711 685-8076 / -5898 (fax) Allmandring 30, D-70550 Stuttgart http://cert.uni-stuttgart.de/ ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfihl1 ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents
This archive was generated by hypermail 2b30 : Mon Mar 31 2003 - 16:15:46 PST