[Snort-sigs] Signature Definition #719, 13 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 07:05:12 EDT 2003

 Rule: -- TELNET root login
 Sid: -- 719
 Summary: -- This string detects an attempt to login as root on your
 Impact: -- This could allow unauthorized users to login as root.  Logging
in as root through Telnet should not be allowed because Telnet uses
cleartext passwords.
 Detailed Information: -- This does not indicate a compromise on the
network, this signature indicates an attempt to login as root in your
 Affected Systems: -- Any that have the software installed
 Attack Scenarios: -- Slim to Dangerous
 Ease of Attack: -- Easy if installed
 False Positives: -- Unknown
 False Negatives: -- Unknown
 Corrective Action: -- Find and disable unauthorized Telnet Servers, secure
authorized Telnet Servers by requiring username/password authentication.
Make sure that root login is only allowed on the console, and if possible
disable telnet and use SSH instead.
 Contributors: -- Joel Esler
 Additional References: 

More information about the Snort-sigs mailing list