At 09:50 PM 2/13/2002 -0500, you wrote: >I see it all the time. Usernames are usually fairly easy to guess >especially on a mailserver if it's sendmail and VRFY and EXPN are >enabled. Check your mail logs for a lot of 550's, then check the IP >address against recent spam. Anything that wasn't rejected and >returned to the sender is a potential username on a box running SSH >*and* a mail server. Also, if you own the domain name of the box, a >simple whois will turn up several potential usernames. There are >litterally hundreds of ways to get usernames. In theory. So I've heard >;-)
Yeah, I just saw that this user had been logged in several times that day leading up to the attempt and got paranoid, thinking it was more than a coincidence. Later I found out that mail had been sent out under this username, which is probably how they got it. Thanks. Peter Beardsley Appropriate Solutions, Inc. [EMAIL PROTECTED] ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
