Rule History

SID: 10016325 • Source: ptrules/open

Versions (2)

Rev: 4

May 15, 2026, 1:35 PM

Version Details

Rev: 4 • Feb 11, 2026, 8:15 AM

Message:

ATTACK [PTsecurity] Telnetd Authentication Bypass attempt (CVE-2026-24061)

Rule:

alert tcp any any -> any 21 (msg:"ATTACK [PTsecurity] Telnetd Authentication Bypass attempt (CVE-2026-24061)"; flow:established, to_server; content:"|ff fa 27|"; content:"|00|USER|01|"; distance:0; content:"-f"; distance:0; pcre:"/USER\x01[^\x00\xff]*?-f/"; flowbits:set, Telnetd.exploit.flg; reference:cve, 2026-24061; reference:url, www.opennet.ru/opennews/art.shtml?num=64649; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10016325; rev:4;)

Created:

Feb 11, 2026, 8:15 AM

Updated:

Feb 11, 2026, 8:15 AM

DB Created:

Mar 2, 2026, 1:34 PM

DB Updated:

Mar 2, 2026, 1:34 PM

Archived:

May 15, 2026, 1:35 PM

Filename:

rules/ptopen-attacks.rules