>RSP> Although most of it is very straightforward, there are about a
>RSP> dozen bytes in there that seem to never change -- but those could
>RSP> easily cause a problem for a program that assumes that they
>RSP> should always be the same value.
>
> I agree that it would be imprudent to develop a program that
> would be widely distributed unless the format was well
> understood....
>
> However, I am interested more in a web utility that I would use in
> conjunction with the Log Analyzer and look for dictionary attacks
> from IP addresses. So I don't think I need to totally understand
> the file structure for my purposes.

That's exactly what we were looking to do. We designed a program to read
the log file in real-time, and detect dictionary attacks (and just about
any other type of attack, such as POP3 password attacks).

>I've been able to inspect two files but haven't been able to play with
>inserts and deletes yet and then compare again. My initial structure
>follows:
>
> bytes 00-0F ( 16): not understood - not enough experience yet to
> know what changes and what doesn't

And that's exactly why we are worried. <G> My best guess is that those
bytes were designed to scare people from trying to make their own
changes. There doesn't seem to be any purpose to most of those bytes.

-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/