GEN:SID | 1:719 |
Message | TELNET root login |
Summary | This event is generated after an attempted login to a telnet server using the username root.
|
Impact | Remote root access. This may or may not indicate a successful root login to a telnet server.
|
Detailed Information | This event is generated after a telnet server observes an attempted login with the username root. It is not possible to tell from this event alone whether or not the attempt was successful. If this is followed by a login failure event, the root login did not succeeed. However, if no failure message is observed and the rule with SID 718 is enabled, this may indicate that the root login succeeded.
|
Affected Systems | Telnet servers.
|
Attack Scenarios | An attacker may attempt to connect to a telnet server using the username of root.
|
Ease of Attack | Simple
|
Corrective Action | Consider using Secure Shell instead of telnet.
Disable root logins to telnet.
Block inbound telnet access if it is not required.
|
Additional References | |