[Snort-sigs] SID 717

Steven Alexander alexander.s at ...1565...
Mon Jun 9 14:28:02 EDT 2003


Rule:  
TELNET not on console
--
Sid:

717

--
Summary:
This signature indicates that somebody has attempted to log in to the
root account via telnet.

--
Impact:

Minimal.

--
Detailed Information:
This signature indicates that somebody has attempted, and failed, to
log in to the root account via telnet.  The "not on console" message is
produced when trying to log in as root over telnet to a machine that only
allows local root logins.  Telnet is a terminal emulation program.  The
telnet client connects to a telnet server which usually runs on TCP port
23.

--
Affected Systems:

All
--
Attack Scenarios:

An attacker may be trying to compromise the root account.  This program
is also used legitimately.  

--
Ease of Attack:
Very Simple

--
False Positives:

None known.

--
False Negatives:

None known.
--
Corrective Action:

Do not allow root logins through telnet.  Use a firewall to restrict
telnet access to certain hosts.  It is preferable to use ssh instead of
telnet.

--
Contributors:
Documentation - Steven Alexander <alexander.s at ...1565...>
-- 
Additional References:

http://www.whitehats.com/info/IDS365
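
The match described under Detailed Information, as an added example that is not part of the original post and is not Snort's own code: it looks for the "not on console" text in data sent from the telnet server, after removing telnet option negotiation bytes that could otherwise split the string. The function names, the case-insensitive comparison and the fixed server port 23 are assumptions, and the sample payloads are constructed.

```python
# Added illustration; names are hypothetical, sample payloads are constructed.
IAC, SB, SE = 0xFF, 0xFA, 0xF0
OPTION_CMDS = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT (one option byte follows)
TELNET_PORT = 23                          # assumption: server on the usual port
NEEDLE = b"not on console"


def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove IAC command sequences so they cannot split the message text."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                          # truncated command at end of segment
        elif data[i + 1] == IAC:
            out.append(IAC)                # escaped literal 0xFF
            i += 2
        elif data[i + 1] in OPTION_CMDS:
            i += 3
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break                      # unterminated subnegotiation
            i = end + 2
        else:
            i += 2                         # two-byte command such as NOP
    return bytes(out)


def root_login_refused(src_port: int, payload: bytes) -> bool:
    """True when a server-to-client segment carries the refusal message."""
    if src_port != TELNET_PORT:
        return False                       # client-side data is not the server's message
    return NEEDLE in strip_telnet_negotiation(payload).lower()


# Constructed (source port, TCP payload) pairs, not captured traffic.
SAMPLES = [
    (23, b"\xff\xfd\x18\xff\xfb\x01login: "),
    (23, b"\r\nNot on console\r\n"),
    (23, b"not on \xff\xf1console"),
    (40000, b"not on console\r\n"),
]


def flagged(samples):
    return [i for i, (port, data) in enumerate(samples) if root_login_refused(port, data)]
```
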






