Re: sequences in the auth.log

From: Jan Muenther (jan.muenther_at_nruns.com)
Date: 08/13/04

  • Next message: Steve Zweep: "ICMP attacks against TCP"
    Date: Fri, 13 Aug 2004 16:57:07 +0200
    To: Sandor Berta <berta@beco.hu>
    
    

    Heya,

    this is probably the same piece of malware that has been discussed on f-d
    recently. The username/password combinations guest and test are hardcoded into
    a little statically linked binary which is commonly used together with a
    SYN scanner.

    Chances are good these attempts are coming from a compromised box - you may
    want to look into that if it is in your realms.

    If you need more info, I disassembled them both and made a quick analysis, check
    the f-d archives.

    Cheers, J.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
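
An added example, not part of the original message: a small Python check that flags sources which tried both usernames named in the reply, and any login that succeeded under either name. The OpenSSH-style line format and the sample lines are assumptions constructed for illustration; the thread does not show the actual log entries.

```python
import re
from collections import defaultdict

# Assumption: OpenSSH-style auth.log lines; the thread does not show the format.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+)"
)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
WATCHED = {"guest", "test"}  # the two usernames named in the reply above

# Constructed sample lines (documentation address ranges), not from the thread.
SAMPLE_LOG = """\
Aug 13 03:11:02 host sshd[4121]: Failed password for illegal user test from 192.0.2.10 port 41822 ssh2
Aug 13 03:11:04 host sshd[4123]: Failed password for illegal user guest from 192.0.2.10 port 41830 ssh2
Aug 13 07:45:19 host sshd[5002]: Failed password for alice from 198.51.100.7 port 50112 ssh2
Aug 13 09:02:33 host sshd[5170]: Failed password for illegal user test from 203.0.113.5 port 33001 ssh2
Aug 13 09:30:00 host sshd[5201]: Accepted password for guest from 192.0.2.10 port 41900 ssh2
"""


def scan(lines):
    """Return (sources that tried every watched name, accepted watched logins)."""
    tried = defaultdict(set)   # source address -> watched usernames it attempted
    accepted = []              # (source, username) for successful watched logins
    for line in lines:
        m = FAILED.search(line)
        if m and m.group(1) in WATCHED:
            tried[m.group(2)].add(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m and m.group(1) in WATCHED:
            accepted.append((m.group(2), m.group(1)))
    # A source that tried the full guest/test pair matches the described sequence.
    full_pair = sorted(src for src, names in tried.items() if names == WATCHED)
    return full_pair, accepted


if __name__ == "__main__":
    sources, logins = scan(SAMPLE_LOG.splitlines())
    for src in sources:
        print(f"guest/test sequence from {src}")
    for src, user in logins:
        print(f"login ACCEPTED for weak account {user!r} from {src}")
```

An accepted login under either name is the case to act on first, since it means one of the hardcoded combinations worked on the host.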
