GEN:SID 1:607
Message RSERVICES rsh bin
Summary This event is generated when an attempt to login using the "bin" account is made.
Impact An attacker may have gained the ability to initiate a remote interactive session on the server.
Detailed Information This event is generated when a connection using the "bin" account via  "rsh" is attempted.

This activity is indicative of attempts to abuse hosts using a default configuration.

Some UNIX systems used to ship with "bin" account enabled and no password required. Similarly, the "rshd" service was also enabled. This allowed an attacker to connect to the machine and establish an interactive session using the "bin" account.
Affected Systems  
Attack Scenarios An attacker finds a machine with default account "bin" and "rshd" service running and connects to it, then escalates his privileges to "root"
Ease of Attack Simple, no exploit software required
Corrective Action Investigate logs on the target host for further details and more signs of suspicious activity

Use ssh for remote access instead of rlogin.
Additional References Arachnids:
http://www.whitehats.com/info/IDS384

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0651
Rule References arachnids: 390