GEN:SID | 1:1251 |
Message | INFO TELNET Bad Login |
Summary | This event is generated when an unsuccessful telnet login attempt was detected.
|
Impact | Serious. Possible unauthorized access.
|
Detailed Information | A user tried to log on to a system via telnet, but has been rejected, either due to invalid username, password, or both. This could mean someone is trying to log on without a proper password (if there are multiple unsuccessful logins) or they may have just mistyped the username or the password.
A large number of these events may indicate an attempt to access the system using a brute force method of guessing usernames and passwords.
|
Affected Systems | Machines running telnet servers.
|
Attack Scenarios | Attacker brute-forces passwords for a known username via a script or application.
|
Ease of Attack | Simple.
|
Corrective Action | Check how many invalid attempts occurred, change the password of the user that tried to log in.
|
Additional References | |