Telnet abuse
advICE :Intrusions : 2000901

Summary

Suspicious activity directed against a server has been detected. This doesn't necessarily indicate an attack itself, but may be part of some other attack.

Details

This signature triggers when a pattern of keystrokes is detected against a text-based protocol like SMTP, HTTP, or FTP. This is probably due to somebody using a Telnet client application that is interacting with these servers in a "raw" interactive mode.

Using Telnet in this fashion does not give the intruder any additional capabilities. The intruder cannot do anything with Telnet that cannot be done in some other fashion. Telnet abuse usually just indicates basic reconnaissance against your server.

False positives

Some NATs generate TCP 1-byte probes when under heavy load. This sometimes causes a false positive to trigger.

parametric information port The port identifies which protocol the Telnet session is trying to emulate: 21 FTP (File Transfer Protocol) 25 SMTP (Simple Message Transfer Protocol) 79 Finger 80 HTTP (Hyper-Text Transfer Protocol) 110 POP (Post Office Protocol) 143 IMAP (Internet Mail Access Protocol)

 
Version appeared: