On Tue, 27 Jul 2004 16:21:51 -0500, James Marcinek <jmarc1@xxxxxxxxxxxxxx> wrote: > I recently had the same issue. I could you give an example of a reject rule. > This is the IP address that was used: 210.99.38.200 They tried to use the same > non-existent account. Is there some exploit out there or are they just trying to > get into a system that is not secured well? I'm wondering the same thing. I had a couple of attempts last night from 12.181.128.5. Given the fact that it seems to be coming from multiple systems I'm guessing it's either a worm or a script kiddie who's managed to find some vulnerable systems and then keeps trying the same trick ad infinitum. I did a whois on the source IP and sent an email about the problem to the admin contact. It might not do anything but it can't hurt. --Brad
