I had the same thing happen to my pop3 servers. It may have even been the same tool. The following accounts were tried: administrator admin backup root server test webmaster web www This is only the second time I've noticed this in my logs. There were 161 attempted logins this time and all came from 61.144.128.177. This is an address in China. On Mon, 2003-03-31 at 07:11, Tom Fischer wrote: > Hi, > some of our POP3 servers got DoSed cause of massive password probes > against following accounts: > > admin > backup > data > master > oracle > root > server > sybase > test > user > web > webmaster > > Does someone know a tool which will brute force these accounts? ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 07:21:30 PDT