| GEN:SID | 1:715 |
| Message | TELNET Attempted SU from wrong group |
| Summary | This event is generated when a telnet server sends an error message regarding a failed user attempt to issue the 'su' command to get root privileges.
|
| Impact | Failed root access. This attack occurs when a user attempts to get root privileges using the su command.
|
| Detailed Information | An attacker may attempt to gain root privileges by issuing the su command. This implies that the attacker has successfully connected to the telnet server with an account other than root. A failed attempt will cause an error message to be generated indicating that the user is not a member of an authorized group to obtain root privileges.
|
| Affected Systems | All telnet servers.
|
| Attack Scenarios | At attacker may attempt to gain root privileges on a telnet server.
|
| Ease of Attack | Simple
|
| Corrective Action | Use ssh instead of telnet to prevent su passwords from being sniffed.
Tightly restric su access to authorized users.
Block inbound telnet access if it is not required.
|
| Additional References | |