[Snort-sigs] Signature Definition #719, 13 of 20
Esler, Joel Contractor
EslerJ at ...785...
Mon Jun 9 07:05:12 EDT 2003
Rule: -- TELNET root login
Sid: -- 719
Summary: -- This string detects an attempt to log in as root on your
Impact: -- This could allow unauthorized users to log in as root. Logging
in as root through Telnet should not be allowed because Telnet uses
Detailed Information: -- This does not indicate a compromise on the
network; this signature indicates an attempt to log in as root in your
Affected Systems: -- Any that have the software installed
Attack Scenarios: -- Slim to Dangerous
Ease of Attack: -- Easy if installed
False Positives: -- Unknown
False Negatives: -- Unknown
Corrective Action: -- Find and disable unauthorized Telnet servers, secure
authorized Telnet servers by requiring username/password authentication.
Make sure that root login is only allowed on the console, and if possible
disable Telnet and use SSH instead.
Contributors: -- Joel Esler
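
The corrective action above, as an added example that is not part of the original post: a shell audit that flags an enabled Telnet service and any pseudo-terminal entries that would let root log in over the network. It assumes a classic inetd.conf and an /etc/securetty file (xinetd and other service managers are not covered); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample files; on a real host the usual paths are
# /etc/inetd.conf and /etc/securetty (assumed layout).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/inetd.conf" <<'EOF'
#ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
EOF
cat > "$demo/inetd.fixed" <<'EOF'
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
EOF
cat > "$demo/securetty" <<'EOF'
# constructed: console entries plus two pseudo-terminals
console
tty1
pts/0
ttyp0
EOF
printf 'console\ntty1\n' > "$demo/securetty.fixed"

# Active telnet service lines; a commented-out line has "#..." as field 1.
telnet_enabled_lines() {
    awk '$1 == "telnet"' "$1"
}

# securetty entries naming pseudo-terminals (pts/N, ttypN). A Telnet session
# is given one of these, so listing them permits root login over Telnet.
remote_root_ttys() {
    awk '$1 ~ /^pts\/[0-9]+$/ || $1 ~ /^tty[p-z][0-9a-f]$/ { print $1 }' "$1"
}

# Prints one FINDING line per problem; no output means both checks pass.
audit_telnet_root() {
    svc=$(telnet_enabled_lines "$1")
    ttys=$(remote_root_ttys "$2" | tr '\n' ' ')
    [ -z "$svc" ] || echo "FINDING: telnet service enabled in $1"
    [ -z "$ttys" ] || echo "FINDING: root allowed on network ttys: ${ttys% }"
}

audit_telnet_root "$demo/inetd.conf" "$demo/securetty"        # two findings
audit_telnet_root "$demo/inetd.fixed" "$demo/securetty.fixed" # no output
```
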