TELNET_MISC sm4ck attempt

 

Code: p326

Severity: Warning

 

Description: This event is generated when an attacker attempts to connect to a Telnet server using the phrase "hax0r". This is a known password for the sm4ck Linux rootkit.

Impact: Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to.

Corrective: Disallow Telnet access from external sources. Use SSH instead of Telnet for access from external locations. Delete the Trojan and kill any associated processes.