[Snort-sigs] Signature Definition #718, 14 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 07:58:07 EDT 2003

 Rule: -- TELNET login incorrect
 Sid: -- 718
 Summary: -- This string detects a failed attempt to log in to telnet servers
on your network.
 Impact: -- This event indicates an attempt to establish a Telnet
connection that was refused because of a bad password or username.
 Detailed Information: -- If this event occurs a lot, it indicates an attempt
to guess passwords. Telnet is a connection protocol that uses cleartext
usernames and passwords.
 Affected Systems: -- Any that have the software installed
 Attack Scenarios: -- Slim to Dangerous
 Ease of Attack: -- Easy if installed
 False Positives: -- Unknown
 False Negatives: -- Unknown
 Corrective Action: -- Find and disable unauthorized Telnet Servers, secure
authorized Telnet Servers by requiring username/password authentication.
Make sure that root login is only allowed on the console, and if possible
disable telnet and use SSH instead.
 Contributors: -- Joel Esler
 Additional References: 
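
The Detailed Information field says repeated occurrences point to password guessing. The following is an added example, not part of the original post or of Snort: it counts SID 718 alerts per client/server pair in a sliding window. Assumptions: alerts are in Snort "fast" format and in time order, the alert fires on the server's reply (server port 23 is the source), and the names `find_guessing`, `threshold`, `window` and `year` are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample alerts (documentation addresses, not real traffic).
# Assumption: the Telnet server is the source side (port 23) and the
# client whose login failed is the destination side.
SAMPLE_ALERTS = """\
06/09-07:58:01.100000  [**] [1:718:1] TELNET login incorrect [**] [Priority: 2] {TCP} 192.0.2.10:23 -> 198.51.100.7:40112
06/09-07:58:05.200000  [**] [1:718:1] TELNET login incorrect [**] [Priority: 2] {TCP} 192.0.2.10:23 -> 198.51.100.7:40112
06/09-07:58:09.300000  [**] [1:718:1] TELNET login incorrect [**] [Priority: 2] {TCP} 192.0.2.10:23 -> 198.51.100.7:40113
06/09-07:58:14.400000  [**] [1:718:1] TELNET login incorrect [**] [Priority: 2] {TCP} 192.0.2.10:23 -> 198.51.100.7:40113
06/09-07:58:20.500000  [**] [1:718:1] TELNET login incorrect [**] [Priority: 2] {TCP} 192.0.2.10:23 -> 198.51.100.7:40114
06/09-07:58:26.600000  [**] [1:718:1] TELNET login incorrect [**] [Priority: 2] {TCP} 192.0.2.10:23 -> 198.51.100.7:40114
06/09-08:10:00.000000  [**] [1:718:1] TELNET login incorrect [**] [Priority: 2] {TCP} 192.0.2.10:23 -> 203.0.113.20:51000
06/09-08:20:00.000000  [**] [1:718:1] TELNET login incorrect [**] [Priority: 2] {TCP} 192.0.2.10:23 -> 203.0.113.20:51001
06/09-08:21:00.000000  [**] [1:1000001:1] constructed local rule [**] [Priority: 3] {TCP} 192.0.2.10:23 -> 203.0.113.20:51001
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[1:718:\d+\].*"
    r"\{TCP\}\s+(?P<srv>[\d.]+):23\s+->\s+(?P<cli>[\d.]+):\d+\s*$"
)

def find_guessing(lines, threshold=5, window=timedelta(seconds=60), year=2003):
    """Return {(client, server): peak failures in one window} for every pair
    that reaches `threshold` failed logins within `window`."""
    recent = defaultdict(deque)   # (client, server) -> timestamps still in window
    flagged = {}
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue              # other SIDs or unparseable lines
        # Fast alerts carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        key = (m["cli"], m["srv"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

if __name__ == "__main__":
    for (cli, srv), n in find_guessing(SAMPLE_ALERTS.splitlines()).items():
        print(f"{cli} -> {srv}: {n} failed Telnet logins within 60s")
```

A single mistyped password stays below the threshold, so only sustained failures from one client against one server are reported; tune `threshold` and `window` to the login volume of the monitored servers.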
