[Snort-sigs] SID 717
alexander.s at ...1565...
Mon Jun 9 14:28:02 EDT 2003
TELNET not on console
This signature indicates that somebody has attempted to login to the
root account via telnet.
This signature indicates that someobody has attempted, and failed, to
login to the root account via telnet. The "not on console" message is
produced when trying to login as root over telnet to a machine that only
allows local root logins. Telnet is a terminal emulation program. The
telnet client connects to a telnet server which usually runs on TCP port
An attacker may be trying to compromise the root account. This program
is also used legitimately.
Ease of Attack:
Do not allow root logins through telnet. Use a firewall to restrict
telnet access to certain hosts. It is preferable to use ssh instead of
Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs