Rule: -- Sid: 1066 -- Summary: This event is generated when an attempt is made to access telnet.exe on a remote web server via a web request. -- Impact: Information gathering and system integrity compromise. Possible unauthorized administrative access to the server. Possible execution of arbitrary code of the attackers choosing in some cases. -- Detailed Information: This event is generated when an attempt is made to acess telnet.exe on a remote web server. The attacker can use telnet to directly connect to other computers and launch attacks from the web server. This event indicates that an attempt has been made to execute the program telnet.exe using a web request. -- Affected Systems: All systems using a web server. -- Attack Scenarios: The attacker may use telnet to access other machines or compromise the resources on the target system. -- Ease of Attack: Simple. Exploits exist. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. Check the host logfiles and application logs for signs of compromise. -- Contributors: Original rule writer unknown Sourcefire Vulnerability Research Team Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: --