[Snort-sigs] SID 718

Steven Alexander alexander.s at ...1565...
Mon Jun 9 14:28:09 EDT 2003

TELNET login incorrect 



Someone attempted to login to a machine by telnet and provided the wrong
username and/or password.


Minimal.  There is a possibility that an attacker will be able to gain
access to a machine.

Detailed Information:

This signature indicates that somebody has attempted, and failed, to log
in to a machine over a telnet connection.  Telnet is a terminal
emulation program.  The telnet client connects to a telnet server which
usually runs on TCP port 23.

Affected Systems:

Attack Scenarios:

An attacker could be guessing passwords in an attempt to gain access to
the system.  A legitimate user may have simply mistyped their username
or password.  

Ease of Attack:
Very Simple

False Positives:

none known.

False Negatives:

None known.
Corrective Action:

Action is required only if the volume of failed login attempts indicates
an attack.  Telnet access can be restricted to certain hosts or networks
using a firewall.  It is preferable to use ssh instead of telnet.

Documentation - Steven Alexander<alexander.s at ...1565...>
Additional References:


More information about the Snort-sigs mailing list