[Snort-sigs] SID 718

Steven Alexander alexander.s at ...1565...
Mon Jun 9 14:28:09 EDT 2003


Rule:  
TELNET login incorrect 
--
Sid:

718

--
Summary:

Someone attempted to login to a machine by telnet and provided the wrong
username and/or password.

--
Impact:

Minimal.  There is a possibility that an attacker will be able to gain
access to a machine.

--
Detailed Information:

This signature indicates that somebody has attempted, and failed, to log
in to a machine over a telnet connection.  Telnet is a terminal
emulation program.  The telnet client connects to a telnet server which
usually runs on TCP port 23.

--
Affected Systems:

All
--
Attack Scenarios:

An attacker could be guessing passwords in an attempt to gain access to
the system.  A legitimate user may have simply mistyped their username
or password.  

--
Ease of Attack:
Very Simple

--
False Positives:

none known.

--
False Negatives:

None known.
--
Corrective Action:

Action is required only if the volume of failed login attempts indicates
an attack.  Telnet access can be restricted to certain hosts or networks
using a firewall.  It is preferable to use ssh instead of telnet.

--
Contributors:
Documentation - Steven Alexander<alexander.s at ...1565...>
-- 
Additional References:

http://www.whitehats.com/info/IDS127







More information about the Snort-sigs mailing list