1066.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
1066

--
Summary:
This event is generated when an attempt is made to access telnet.exe on a remote
web server via a web request.

--
Impact:
Information gathering and system integrity compromise. Possible unauthorized
administrative access to the server. Possible execution of arbitrary code of 
the attackers choosing in some cases.

--
Detailed Information:
This event is generated when an attempt is made to acess telnet.exe on a remote
web server.  The attacker can use telnet to directly connect to other computers
and launch attacks from the web server.

This event indicates that an attempt has been made to execute the
program telnet.exe using a web request.

--
Affected Systems:
	All systems using a web server.

--
Attack Scenarios:
The attacker may use telnet to access other machines or compromise the
resources on the target system.

--
Ease of Attack:
Simple. Exploits exist.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.

Check the host logfiles and application logs for signs of compromise.

--
Contributors:
Original rule writer unknown
Sourcefire Vulnerability Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--