[Snort-sigs] SID 719
alexander.s at ...1565...
Mon Jun 9 13:57:08 EDT 2003
TELNET root login
Telnet is a terminal emulation program. The telnet client connects to a
telnet server which usually runs on TCP port 23.
Possible root access..
This signature indicates that somebody has attempted(and possibly
succeeded) to log in as root over a telnet connection.
An attacker could already have root access or they could be attempting
to guess the root password. This program is also used legitimately.
Ease of Attack:
Do not allow root logins through telnet. Also, it is preferable to use
ssh instead of telnet.
Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs