[Snort-sigs] SID 719

Steven Alexander alexander.s at ...1565...
Mon Jun 9 13:57:08 EDT 2003


Rule:  
TELNET root login 
--
Sid:

719

--
Summary:

Telnet is a terminal emulation program.  The telnet client connects to a
telnet server which usually runs on TCP port 23.

--
Impact:

Possible root access.

--
Detailed Information:

This signature indicates that somebody has attempted (and possibly
succeeded) to log in as root over a telnet connection.

--
Affected Systems:

All
--
Attack Scenarios:

An attacker could already have root access or they could be attempting
to guess the root password.  This program is also used legitimately.  

--
Ease of Attack:
Very Simple

--
False Positives:

None known.

--
False Negatives:

None known.
--
Corrective Action:

Do not allow root logins through telnet.  Also, it is preferable to use
ssh instead of telnet.

--
Contributors:
Documentation - Steven Alexander <alexander.s at ...1565...>
-- 
Additional References: