Security Incidents mailing list archives

Re: POP3 logon attempts

From: Tom Fischer <Tom.Fischer () rus uni-stuttgart de>
Date: Tue, 1 Apr 2003 10:49:34 +0200

Hi,

On Mon, Mar 31, 2003 at 05:14:19PM -0500, Jerry Shenk wrote:

There are a number of utilities to do that.


yes, there are a number of utilities which will brute force
POP3-accounts (Hydra, Brutus, ...), but I was wondering about these
attacks, cause we saw the same attacks (only against the mentioned 
accounts) from different sources (so I thougt there might be a new 
tool or worm spreading).

The more important question is who was trying?  That doesn't sounds like a
'random' scan to me.


It was a random scan against mail servers in one of our Class-B-networks.

-- 
Tom Fischer                              Tom.Fischer () rus uni-stuttgart de
RUS-CERT University of Stuttgart       Tel:+49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart           http://cert.uni-stuttgart.de/

----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents

Current thread:

RE: POP3 logon attempts Jerry Shenk (Mar 31)
- Re: POP3 logon attempts Tom Fischer (Apr 02)
- <Possible follow-ups>
- RE: POP3 logon attempts Curt Purdy (Mar 31)
- Re: POP3 logon attempts Bojan Zdrnja (Mar 31)
- Re: POP3 logon attempts Torsten Mueller (Mar 31)
- Re: POP3 logon attempts dreamwvr () dreamwvr com (Apr 02)
- Re: POP3 logon attempts Mike (Apr 02)
- Re: POP3 logon attempts Steve Cody (Apr 23)