Well...assuming the ftp is throwing a bogus user error when an invalid user is found, now hackerboy has a list of valid users to use a dictionary attack on...
-- jon mailto:jonhall@;ozline.net Friday, November 1, 2002, 12:18:37 PM, you wrote: WW> <wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9720]: zirconium (bogus) LOGIN FAILED [from cv796573-a.hcksvle1.ny.home.com] WW> <wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9722]: zoology (bogus) LOGIN FAILED [from cv796573-a.hcksvle1.ny.home.com] WW> <wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9721]: zoo (bogus) LOGIN FAILED [from cv796573- a.hcksvle1.ny.home.com] WW> <wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9723]: zoom (bogus) LOGIN FAILED [from cv796573- a.hcksvle1.ny.home.com] WW> <wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9724]: zooplankton (bogus) LOGIN FAILED [from cv796573-a.hcksvle1.ny.home.com] WW> <wankel> WHOA SHIT WW> <mendel> someone tell that luser that dictionary attacks refer to the PASSWORD part. WW> <wankel> christ, 2000 lines back and he was only in w's :) WW> <wankel> mankind:~ % grep LOGIN FAILED /var/log/messages | wc -l WW> <wankel> 8923 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=5 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=5 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
