Michael,
Thank you for your inquiry.
Signature 5526.0 looks for non-standard or unusual telnet environment variable commands issued from the server to the telnet client. These are not necessarily malicious.
Unfortunately some server implementations may cause the current version of this signature to fire, even though the cause may be benign.
We have been made aware of this behavior and are modifying 5526.0 for the next signature release to address this issue.
In the meantime you can tune this signature by disabling it or apply filters as needed to reduce false positives.
Thank you again, and please let us know if you have any other questions.
Al Roethlisberger
IPS Signature Development Team