[Snort-sigs] SID 718
alexander.s at ...1565...
Mon Jun 9 14:28:09 EDT 2003
TELNET login incorrect
Someone attempted to login to a machine by telnet and provided the wrong
username and/or password.
Minimal. There is a possibility that an attacker will be able to gain
access to a machine.
This signature indicates that somebody has attempted, and failed, to log
in to a machine over a telnet connection. Telnet is a terminal
emulation program. The telnet client connects to a telnet server which
usually runs on TCP port 23.
An attacker could be guessing passwords in an attempt to gain access to
the system. A legitimate user may have simply mistyped their username
Ease of Attack:
Action is required only if the volume of failed login attempts indicates
an attack. Telnet access can be restricted to certain hosts or networks
using a firewall. It is preferable to use ssh instead of telnet.
Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs