[Snort-sigs] Signature Definition #718, 14 of 20
Esler, Joel Contractor
EslerJ at ...785...
Mon Jun 9 07:58:07 EDT 2003
Rule: -- TELNET login incorrect
Sid: -- 718
Summary: -- This string detects a failed attempt to login to telnet servers
on your network.
Impact: -- This event indicates an attempt to establish a Telnet
connection, but refused by bad password or username.
Detailed Information: -- If this event occurs alot, it indicates an attempt
to guess passwords. Telnet is a connection protocol that uses cleartext
usernames and passwords
Affected Systems: -- Any that have the software installed
Attack Scenarios: -- Slim to Dangerous
Ease of Attack: -- Easy if installed
False Positives: -- Unknown
False Negatives: -- Unknown
Corrective Action: -- Find and disable unauthorized Telnet Servers, secure
authorized Telnet Servers by requiring username/password authentication.
Make sure that root login is only allowed on the console, and if possible
disable telnet and use SSH instead.
Contributors: -- Joel Esler
More information about the Snort-sigs