Heya, this is probably the same piece of malware that has been discussed on f-d recently. The username/password combination guest and test are hardcoded into a little statically linked binary which is commonly used together with a SYN scanner. Chances are good these attempts are coming from a compromised box - you may want to look into that if it is in your realms. If you need more info, I disassembled them both and made a quick analysis, check the f-d archives. Cheers, J. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"