> > full tcpdump is started for this port.
> >
> > all i need is to wait for attacker or (or RAM/CPU error).
>
> Make sure you run it with '-s 1500' to get the full packets, and it
> wouldn't hurt to run it with '-w /tmp/telnet.tcpdump' so you can play
> back the data if you snag something interesting.
>
since 2 days i'm under attack again and have >2MB gzipped dumps but no
telnetd.core for now...

if telnetd.core will happen, with full traffic dump it will be possible to
check if it's machine problem or telnetd bug...