[Snort-sigs] SID 716

Steven Alexander alexander.s at ...1565...
Mon Jun 9 14:27:12 EDT 2003


Rule:  
TELNET access
--
Sid:

716

--
Summary:
This signature indicates that somebody has succeeded in logging in to a
machine via telnet.

--
Impact:

Variable.

--
Detailed Information:

This signature indicates that somebody has logged in to a machine over a
telnet connection.  This may indicate that a system has been compromised
if the client is outside your network.  Telnet is a terminal emulation
program.  The telnet client connects to a telnet server which usually
runs on TCP port 23.

--
Affected Systems:

All
--
Attack Scenarios:

An attacker may have compromised the machine.  This program is also used
legitimately.  

--
Ease of Attack:
Very Simple

--
False Positives:

none known.

--
False Negatives:

None known.
--
Corrective Action:

Do not allow root logins through telnet.  Use a firewall to restrict
telnet access to certain hosts.  It is preferable to use ssh instead of
telnet.

--
Contributors:
Documentation - Steven Alexander<alexander.s at ...1565...>
-- 
Additional References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0619
http://www.whitehats.com/info/IDS08







More information about the Snort-sigs mailing list