Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:715 |
Message | TELNET Attempted SU from wrong group |
Summary | This event is generated when a telnet server sends an error message regarding a failed user attempt to issue the 'su' command to get root privileges. |
Impact | Failed root access. This attack occurs when a user attempts to get root privileges using the su command. |
Detailed Information | An attacker may attempt to gain root privileges by issuing the su command. This implies that the attacker has successfully connected to the telnet server with an account other than root. A failed attempt will cause an error message to be generated indicating that the user is not a member of an authorized group to obtain root privileges. |
Affected Systems | All telnet servers. |
Attack Scenarios | At attacker may attempt to gain root privileges on a telnet server. |
Ease of Attack | Simple |
Corrective Action | Use ssh instead of telnet to prevent su passwords from being sniffed. Tightly restric su access to authorized users. Block inbound telnet access if it is not required. |
Additional References |
--
DID:732474
--
http://www.aanval.com/