Rule:

--
Sid:
709

--
Summary:
This event is generated after an attempted login to a telnet server 
using the username 4Dgifts.

--
Impact:
Unauthorized remote access.

--
Detailed Information:
This event is generated when an attempt is made to login to a server
using the username 4Dgifts via Telnet. This is a default account on some
SGI based machines. The password may also be 4Dgifts or it may not have
a password assigned.

Repeated events from this rule may indicate a determined effort to guess
the password for this account.

--
Affected Systems:
	SGI Telnet servers.

--
Attack Scenarios:
An attacker may attempt to connect to a telnet server using the username
4Dgifts.

--
Ease of Attack:
Simple

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Disable the 4Dgifts account.

Use ssh as an alternative to Telnet

Block inbound telnet access if it is not required.

--
Contributors:
Original Rule Writer Unknown
Sourcefire Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--
