Manualshelf

TMS zl Module Release Notes ST.1.1.100330

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
11121314151617181920
16
Software Fixes in Releases ST.1.0.090213 - ST.1.1.100330
Release ST.1.0.090603
time="2009-04-15 10:19:33" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="ICMPREPLAY:
packets with duplicate sequence number found, packets dropped"
srczone=EXTERNAL src=192.168.80.5 dstzone=SELF dst=192.168.80.1
proto=ICMP icmptype=8 subfamid=icmpreplayattack mtype=attack
mid=653 icmpcode=0
time="2009-04-15 10:18:48" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="ICMP: echo
response packet appeared without request, packets dropped"
srczone=SELF src=192.168.80.1 dstzone=EXTERNAL dst=255.255.255.255
proto=ICMP icmptype=0 subfamid=icmppacketanomaly mtype=attack
mid=642 icmpcode=0
PR_39337 — Log message with the message ID of 1356 is marked as critical but should not
be critical.
time="2009-04-16 18:08:59" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="IP fragment data-
length is not in units of 8 octets" srczone=UNKNOWN_ZONE src=0.0.0.0
srcport=0 dstzone=UNKNOWN_ZONE dst=0.0.0.0 dstport=0 proto=0 subf-
amid=intergritycheck mtype=attack mid=1356
PR_39412 — Fuzzing DNS requests and responses can cause a TMS zl Module denial of
service if a DNS-based access policy is configured.
PR_39735 — During FTP stress testing, a denial of service attack could be executed against
the FTP Application Layer Gateway (ALG).
IPS/IDS
PR_12937 — In a certain condition, when the TCP RST timeout value is set to zero and IPS
is enabled, the TMS zl Module will not forward a TCP RST packet from one peer to another.
If there is a TCP session established or half-established between client and server, and the
server sends an RST Packet to close the session, the TMS zl Module will mark the session to
be deleted. If IPS is enabled, the TMS zl Module will forward the RST packet to IPS. After
IPS finishes processing the packet, the TMS zl Module gets the RST packet. Since TMS zl
Module has already marked the session to be deleted and the RST timeout value is 0, the RST
packet is not forwarded to the peer and is dropped. The problem only happens for RST
packets. By setting the RST timeout value to something other than zero, this issue can be
avoided.
PR_18204 — If you filter signatures by severity, then disable a family of signatures, the
expected result is that all displayed signatures in that family will be disabled. However, the
actual result is that only some of the signatures displayed get disabled. This can be observed