RE: POP3 logon attempts

From: Jerry Shenk (jshenk@decommunications.com)
Date: 04/01/03

  • Next message: Tomas Carlsson: "Why alerts on ports 1025-1029, 1036"
    From: "Jerry Shenk" <jshenk@decommunications.com>
    To: <incidents@securityfocus.com>
    Date: Mon, 31 Mar 2003 17:14:19 -0500
    
    

    There are a number of utilities to do that. When I do penetration testing,
    I normally use a .c file that somebody named pop3hack from my linux box. I
    don't even know what the original source was anymore...but, to answer your
    question....yes they're available.

    The more important question is who was trying? That doesn't sounds like a
    'random' scan to me.

    -----Original Message-----
    From: Tom Fischer [mailto:rustomfi@helpdesk.rus.uni-stuttgart.de]On
    Behalf Of Tom Fischer
    Sent: Monday, March 31, 2003 7:11 AM
    To: incidents@securityfocus.com
    Subject: POP3 logon attempts

    Hi,
    some of our POP3 servers got DoSed cause of massive password probes
    against following accounts:

    admin
    backup
    data
    master
    oracle
    root
    server
    sybase
    test
    user
    web
    webmaster

    Does someone know a tool which will brute force these accounts?

    --
    Tom Fischer                              Tom.Fischer@rus.uni-stuttgart.de
    RUS-CERT University of Stuttgart       Tel:+49 711 685-8076 / -5898 (fax)
    Allmandring 30, D-70550 Stuttgart           http://cert.uni-stuttgart.de/
    ----------------------------------------------------------------------------
    Powerful Anti-Spam Management and More...
    SurfControl E-mail Filter puts the brakes on spam,
    viruses and malicious code. Safeguard your business
    critical communications. Download a free 30-day trial:
    http://www.surfcontrol.com/go/zsfihl1
    ----------------------------------------------------------------------------
    Powerful Anti-Spam Management and More...
    SurfControl E-mail Filter puts the brakes on spam,
    viruses and malicious code. Safeguard your business
    critical communications. Download a free 30-day trial:
    http://www.securityfocus.com/SurfControl-incidents
    

  • Next message: Tomas Carlsson: "Why alerts on ports 1025-1029, 1036"

    Relevant Pages

    • RE: Logon.dll? Possible root-kit?
      ... Safeguard your business ... critical communications. ... Download a free 30-day trial: ...
      (Incidents)
    • RE: Strange Packet logs in ipchains
      ... Safeguard your business ... critical communications. ... Download a free 30-day trial: ...
      (Security-Basics)
    • Windows 2000 user login
      ... Safeguard your business ... critical communications. ... Download a free 30-day trial: ...
      (Security-Basics)
    • RE: Windows 2000 user login
      ... communicates with a domain server and somehow passes that password ... Safeguard your business ... critical communications. ... Download a free 30-day trial: ...
      (Security-Basics)
    • Re: Logon.dll? Possible root-kit?
      ... Safeguard your business ... > critical communications. ... Download a free 30-day trial: ...
      (Incidents)