GEN:SID 1:603
Message RSERVICES rlogin echo++
Summary This event is generated when an attempt to modify access control permissions for remote shell logins is attempted.
Impact An attacker may have modified remote login permissions such that any host is allowed to initiate a remote session on the target host.
Detailed Information The rule generates an event when system reconfiguration is attempted via "rsh".

The command "echo + +" is used to relax access control permissions for r-services to allow access from any site without the need for password authentication.

This activity is indicative of attempts to abuse hosts using a default configuration.

Some UNIX systems use the "rsh" service to allow a connection to the machine for establishing an interactive session.
Affected Systems  
Attack Scenarios An attacker finds a machine with "rsh" enabled and reconfigures it to allow access from any location
Ease of Attack Simple, no exploit software required
Corrective Action Investigate logs on the target host for further details and more signs of suspicious activity

Use ssh for remote access instead of rlogin.
Additional References Arachnids:
http://www.whitehats.com/info/IDS385
Rule References arachnids: 385