""GPL TELNET root login""
SID: 2100719
Revision: 9
Class Type: suspicious-login
Metadata: created_at 2010_09_23, updated_at 2012_09_12
Reference:
Protocol: tcp
Source Network: $TELNET_SERVERS
Source Port: 23
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: from_server,established
Contents:
- Value: "login|3A| root"
Within:
PCRE:
Special Options: