Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1251 |
| Message | INFO TELNET Bad Login |
| Summary | This event is generated when an unsuccessful telnet login attempt is detected. |
| Impact | Serious. Possible unauthorized access. |
| Detailed Information | A user tried to log on to a system via telnet but was rejected because of an invalid username, an invalid password, or both. This could mean someone is trying to log on without a proper password (if there are multiple unsuccessful logins), or the user may have just mistyped the username or the password. A large number of these events may indicate an attempt to access the system using a brute force method of guessing usernames and passwords. |
| Affected Systems | Machines running telnet servers. |
| Attack Scenarios | Attacker brute-forces passwords for a known username via a script or application. |
| Ease of Attack | Simple. |
| Corrective Action | Check how many invalid attempts occurred, and change the password of the user that tried to log in. |
| Additional References |
--
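One way to carry out the "check how many invalid attempts occurred" step, as an added example that is not part of the Aanval or Snort documentation: it counts 1:1251 alerts per client/server pair in a sliding window to separate a mistyped password from a burst of guesses. It assumes alerts in Snort's "fast" format and that the endpoint on port 23 is the telnet server; the threshold, window, year and sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Snort "fast" alert line; only GEN:SID 1:1251 (any revision) is matched.
ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[1:1251:\d+\].*?"
    r"\{TCP\}\s+(?P<sip>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dip>[\d.]+):(?P<dport>\d+)"
)

def brute_force_suspects(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {(client, server): peak count} for pairs that reach `threshold`
    bad logins inside any sliding `window`. Lines must be in log (time) order.
    `year` is an assumption: the fast format does not record it."""
    recent = defaultdict(deque)   # per-pair timestamps still inside the window
    peaks = {}
    for line in lines:
        m = ALERT.match(line)
        if not m:
            continue              # other signatures or malformed lines
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        # Assumption: whichever endpoint is on port 23 is the telnet server.
        if m["sport"] == "23":
            pair = (m["dip"], m["sip"])
        elif m["dport"] == "23":
            pair = (m["sip"], m["dip"])
        else:
            continue
        q = recent[pair]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop attempts older than the window
        if len(q) >= threshold:
            peaks[pair] = max(peaks.get(pair, 0), len(q))
    return peaks

def _alert(ts, client):
    """Build one constructed fast-format alert line (server 192.0.2.10)."""
    return (f"{ts}  [**] [1:1251:7] INFO TELNET Bad Login [**] "
            f"[Priority: 2] {{TCP}} 192.0.2.10:23 -> {client}:40000")

# Constructed sample: two isolated failures from one client, and
# eight failures in 42 seconds from another.
SAMPLE = [_alert("03/14-09:00:00.000000", "203.0.113.5")]
SAMPLE += [_alert(f"03/14-10:00:{s:02d}.000000", "198.51.100.7") for s in range(0, 48, 6)]
SAMPLE += [_alert("03/14-11:30:00.000000", "203.0.113.5")]

if __name__ == "__main__":
    for (client, server), n in brute_force_suspects(SAMPLE).items():
        print(f"{client} -> {server}: {n} bad logins within 60s")
```
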
DID:149840