On Mon, Jun 16, 2003 at 11:33:25AM -0700, Mark Crispin wrote: ... > We've recently seen an attack on IMAP servers where the following user > names are tried: root, admin, webmaster, user, test, web, www, > administrator, oracle, sybase, informix, oracle8, backup, lizdy, server, > data, account, access, pwrchute.
This set sounds familiar ... indeed: I have seen similar ones tested in SMTP AUTH LOGIN sessions. I reported this to local CERT in last september. > One source of the attack is mar-gw-01-213245050186.chello.fr, IP address > 213.245.50.186. > -- Mark -- -- /Matti Aarnio <[EMAIL PROTECTED]>
