| GEN:SID | 1:1251 |
| Message | INFO TELNET Bad Login |
| Summary | This event is generated when an unsuccessful telnet login attempt is detected.
|
| Impact | Serious. Possible unauthorized access.
|
| Detailed Information | A user tried to log on to a system via telnet but was rejected because of an invalid username, password, or both. This could mean that someone is trying to log on without a proper password (if there are multiple unsuccessful logins), or the user may simply have mistyped the username or the password. A large number of these events may indicate an attempt to access the system using a brute force method of guessing usernames and passwords.
|
| Affected Systems | Machines running telnet servers.
|
| Attack Scenarios | Attacker brute-forces passwords for a known username via a script or application.
|
| Ease of Attack | Simple.
|
| Corrective Action | Check how many invalid attempts occurred, and change the password of the user that tried to log in.
|
| Additional References | |
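
One way to carry out the "check how many invalid attempts occurred" step is sketched below. It is an added example, not part of the rule documentation. It counts SID 1251 alerts per client and server pair in a sliding window to separate a mistyped password from a guessing run. The alert lines are constructed samples in Snort's fast-alert layout, and the threshold, window, port 23 and the names `bad_logins` and `flag_brute_force` are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORT = 23  # assumption: the telnet server listens on the default port

# Constructed sample alerts (documentation address ranges, made-up rev and priority).
FMT = ("03/14-{t}.000000  [**] [1:1251:1] INFO TELNET Bad Login [**] "
       "[Priority: 2] {{TCP}} 192.0.2.10:23 -> {c}")
SAMPLE = "\n".join(
    [FMT.format(t=f"09:15:{s:02d}", c="198.51.100.7:40112") for s in range(0, 24, 4)]
    + [FMT.format(t=t, c="203.0.113.5:51514") for t in ("10:02:11", "10:07:40")]
)

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[1:1251:\d+\].*?"
    r"\{TCP\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def bad_logins(text):
    """Yield (timestamp, client, server) for every SID 1251 alert line."""
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # other rules or malformed lines
        ts = datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f")
        # The endpoint that is not on the telnet port is treated as the client.
        if int(m["sport"]) == TELNET_PORT:
            yield ts, m["dst"], m["src"]
        else:
            yield ts, m["src"], m["dst"]

def flag_brute_force(text, threshold=5, window=timedelta(seconds=60)):
    """Return {(client, server): peak failures in one window} at or above threshold."""
    stamps = defaultdict(list)
    for ts, client, server in bad_logins(text):
        stamps[(client, server)].append(ts)
    flagged = {}
    for pair, times in stamps.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[pair] = best
    return flagged

if __name__ == "__main__":
    print(flag_brute_force(SAMPLE))
```

Pairs that stay below the threshold are the likely mistyped logins. For flagged pairs, the server address identifies the host whose telnet accounts need the password change.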