can be filtered:
** : easily
*  : possible
~  : possible, but may not be a good idea (would generate too many alerts, or not very interesting)
-  : no
?  : need more info
...............................................................................................

username/password buffer overflows -> dos or remote shell
*  rideway PN dos (buffer overflow at the beginning of the connection)
*  foundry network (long password + enter = reboot switch)
   HP JetDirect (?)
** GAMSoft telnetd (username of 4550 chars)
** Shadow Op Dragon telnetd (dos if username > 16500 chars)
** GoodTech Telnet Server (dos if username > 23870 chars)
** ByteFusion Telnet (dos if username > 3090 chars)

other buffer overflows
-  MS hilgraeve hyperterminal (telnet address of more than 153 chars, triggered through html)
-  Windows 9x Telnet Client (buffer overflow on 'connect failed msg', triggered through html)
~  Win2000 telnetd (send a stream of 0)

magic keywords
*  netopia 650 (displays system logs if ctrl-F or ctrl-E typed)
*  freebsd telnetd (telnetd searches for file with TERMCAP before login, thus creating heavy overload)
*  IRIX telnetd (executes commands embedded in IAC SB TELOPT_ENVIRON)
~  cisco IOS telnetd (when ENVIRON used, IOS reboots)

bad programming
-  cisco catalyst memory leak (telnet server does not free mem after usage: dos)
-  cisco online help (cisco's access lists accessible to non-authorized users through badly implemented cmds)
-  MS win2000 telnet.exe (always tries to connect to the server with NTLM: may be sniffed & cracked)
~  win2000 telnet session timeout dos (server does not time out while waiting for user identification)

REM:
.  for the MS Hilgraeve hyperterminal buffer overflow, could be in the http filter
.  MS win2000 telnet.exe: set an NTLM filter sniffing NTLM connections to outside
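As an added example (not part of these notes), a small Python detector that strips telnet IAC negotiation from a captured client-to-server stream and raises an alert for the conditions marked as filterable above: an over-long username (checked against the four thresholds quoted), an ENVIRON subnegotiation, and a stream of NUL bytes. The 64-byte NUL-run heuristic and the sample streams at the end are assumptions constructed here.

```python
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254
TELOPT_ENVIRON, TELOPT_NEW_ENVIRON = 36, 39   # RFC 1408 / RFC 1572 option numbers

# Username length limits quoted in the notes for the four telnetd DoS entries.
USERNAME_LIMITS = {"ByteFusion": 3090, "GAMSoft": 4550,
                   "Shadow Op Dragon": 16500, "GoodTech": 23870}


def parse_telnet(stream):
    """Split a client->server telnet stream into (typed_data, subnegotiated_options)."""
    data, options, i, n = bytearray(), [], 0, len(stream)
    while i < n:
        if stream[i] != IAC:                        # plain data byte
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                              # truncated IAC at end of capture
            break
        cmd = stream[i + 1]
        if cmd == IAC:                              # IAC IAC = literal 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):         # 3-byte option negotiation
            i += 3
        elif cmd == SB:                             # IAC SB <opt> ... IAC SE
            if i + 2 < n:
                options.append(stream[i + 2])
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:                                       # other 2-byte commands (NOP, AYT, ...)
            i += 2
    return bytes(data), options


def check_login(stream, nul_run=64):
    """Return alert strings for the filterable conditions listed in the notes."""
    alerts = []
    data, options = parse_telnet(stream)
    username = data.split(b"\n", 1)[0].rstrip(b"\r")   # first line typed = username
    for product, limit in USERNAME_LIMITS.items():
        if len(username) > limit:
            alerts.append(f"username of {len(username)} chars exceeds {product} limit ({limit})")
    if TELOPT_ENVIRON in options or TELOPT_NEW_ENVIRON in options:
        alerts.append("ENVIRON subnegotiation seen (IRIX telnetd / cisco IOS entries)")
    if b"\x00" * nul_run in data:                   # assumed heuristic for "stream of 0"
        alerts.append(f"run of {nul_run}+ NUL bytes (Win2000 telnetd entry)")
    return alerts


# Constructed samples: IAC DO ECHO followed by a normal login, then a 5000-char username.
NORMAL = b"\xff\xfd\x01alice\r\nsecret\r\n"
LONG_USER = b"\xff\xfd\x01" + b"A" * 5000 + b"\r\n"
```

Running `check_login(LONG_USER)` reports the two products whose limit 5000 characters exceeds (ByteFusion and GAMSoft) and stays silent for the larger thresholds.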