Bill Moran wrote:
In response to Mike Tancsa <[email protected]>:
Yes, thats the latest pattern I have been seeing-- distributed, slow
and coordinated. Here is a sample from one of my honeypots. The
only way to deal with them I found is to have multiple sensors
throughout my network and aggregate the data. Otherwise, each IP
only appears every few hrs in the logs.
I deal with it by immediately blocking any host that generates an
"invalid user" error.
Of course, that won't work for everyone :(
and if it's just a typo on user part ?
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
