sequences in the auth.log - Jan Muenther - org.freebsd.freebsd-security

12 messages in org.freebsd.freebsd-securitysequences in the auth.log

From	Sent On	Attachments
Sandor Berta	Aug 13, 2004 7:05 am
Dan Langille	Aug 13, 2004 7:14 am
Nikolaj I. Potanin	Aug 13, 2004 7:14 am
Mohacsi Janos	Aug 13, 2004 7:15 am
Jan Muenther	Aug 13, 2004 7:55 am
Craig Edwards	Aug 13, 2004 10:48 am
Peter C. Lai	Aug 13, 2004 11:52 am
Gregory Kuhn	Aug 13, 2004 12:35 pm
Justin	Aug 17, 2004 9:01 pm
Allen/Gore/SlackWareWolf	Aug 17, 2004 9:39 pm
Nikolay Pavlov	Aug 18, 2004 2:54 am
Devon H. O'Dell	Aug 18, 2004 2:56 am

Subject:	sequences in the auth.log
From:	Jan Muenther (jan....@nruns.com)
Date:	Aug 13, 2004 7:55:39 am
List:	org.freebsd.freebsd-security

Heya,

this is probably the same piece of malware that has been discussed on f-d recently. The username/password combination guest and test are hardcoded into a little statically linked binary which is commonly used together with a SYN scanner.

Chances are good these attempts are coming from a compromised box - you may want to look into that if it is in your realms.

If you need more info, I disassembled them both and made a quick analysis, check the f-d archives.

Cheers, J.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets