The frequency of IMAP attacks is increasing, and the number of IP
addresses scanned per attack seems to be increasing as well. In the last
24 hours, I've been scanned by:
fermi.math.csi.cuny.edu
c149.lib.uci.edu
sockeye.cob.calpoly.edu
quebec.upa.qc.ca
Anyone upstream of any of these able to add a Sniffer? It'd be
interesting to see if someone is connected in via telnet or ssh and
launching the attacks remotely. With all of these types of attack in the
last several days, the systems doing the attacking have all been ones
that were compromised.
Anyway, I recommend you to WARN the owners of this servers _you server NO DOUBT T
IS BROKEN and abused by the hacker_.
I see al (ALL) domains the scanning was originated from
are in the list of the domains where sniffers is known was
installed and passworeds collected by the hackers. Unfortunately,
this is (mainly) big educational networks where sysadmins are clueless
about security and abusing.
I have got answers on my WARN messages at (approx) 50% cases, mainly from
small commecrial companies, sometimes from ISP, and rarely from
the universities. I can provide you a few examples of such networks.