TMS zl Module Release Notes ST.1.1.100330

Software Fixes in Releases ST.1.0.090213 - ST.1.1.100330
Release ST.1.0.090603
by viewing info signatures, then disabling the XSS family. When the operation completes,
refresh the page, and view info signatures. When you inspect the XSS family you will see
that not all XSS family info signatures are disabled.
PR_37450 — TMS zl Module was not saving the IPS or IDS configuration in its configuration
backup file.
PR_37834 — When IPS settings were changed for threat level actions and an IPS attack was
detected, the log entry for that attack did not display the changed rule action.
PR_37838 — The log does not display the correct message when an attack is detected by IPS.
The following log is displayed during an IPS attack:
time="2009-03-19 09:57:14" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=ips_attack_family rule=3331 msg="IPS
detection: Allow: Backdoor FeRAT 1.00" src=192.168.1.20 srcport=1079
dst=192.168.3.20 dstport=1234 proto=TCP ruleaction=Allow
rulethreat=Critical connectiondirection=initiator packetdirection=2
packetlength=43 ipidentification=914 rulefam=BACKDOOR ruledsc="Backdoor
FeRAT 1.00" subfamid=ips_signature_based_logs attackid=no-id
mtype=iips_l5_l7_attack mid=3331 timetolive=3 actiontype=log
Go to the IPS>Settings>Actions page and set the threat level to the default values:
Critical=Terminate session
Severe=Block traffic
Minor=Block traffic
Warning=Allow traffic
Information=Allow traffic
The following log is displayed, which does not display the correct action:
time="2009-03-19 02:01:49" severity=major pri=2
fw=ProCurve-TMS-zl-Module id=ips_attack_family rule=3101 msg="IPS
detection: Allow: Doly Backdoor for Windows detection"
src=192.168.1.20 srcport=1051 dst=192.168.3.20 dstport=1015
proto=TCP ruleaction=Allow rulethreat=Severe
connectiondirection=initiator packetdirection=2 packetlength=44
ipidentification=42240 rulefam=BACKDOOR ruledsc="Doly Backdoor for Windows
detection" subfamid=ips_signature_based_logs attackid=no-id
mtype=iips_l5_l7_attack mid=3101 timetolive=3 actiontype=block
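The mismatch in the entry above (rulethreat=Severe logged with ruleaction=Allow while the configured action is Block traffic) can be checked mechanically. The following is an added example, not code from these release notes or from the product: it parses an entry abridged from the rule 3101 log and compares ruleaction with the configured action for its rulethreat. The function names, and the assumption that a correct ruleaction carries the first word of the configured action, are hypothetical.

```python
import re

# Default threat-level actions listed on the page (IPS>Settings>Actions).
CONFIGURED = {"Critical": "Terminate session", "Severe": "Block traffic",
              "Minor": "Block traffic", "Warning": "Allow traffic",
              "Information": "Allow traffic"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_entry(entry):
    """Parse one key=value log entry; quoted values may contain spaces."""
    flat = " ".join(entry.split())  # undo line wrapping at spaces
    return {key: value.strip('"') for key, value in FIELD.findall(flat)}

def action_mismatch(entry, configured=CONFIGURED):
    """Describe a disagreement between logged and configured action, else None."""
    f = parse_entry(entry)
    if f.get("id") != "ips_attack_family":
        return None  # not an IPS attack entry
    threat, logged = f.get("rulethreat"), f.get("ruleaction")
    expected = configured.get(threat)
    if expected is None or logged is None:
        return f"rule {f.get('rule')}: missing or unknown rulethreat/ruleaction"
    # Assumption: a correct ruleaction is the verb of the configured action.
    if logged.lower() != expected.split()[0].lower():
        return (f"rule {f['rule']}: rulethreat={threat} ruleaction={logged}, "
                f"configured action is '{expected}'")
    return None

# Rule 3101 entry from the page, abridged to the fields used here.
PAGE_ENTRY = '''time="2009-03-19 02:01:49" severity=major pri=2
fw=ProCurve-TMS-zl-Module id=ips_attack_family rule=3101
msg="IPS detection: Allow: Doly Backdoor for Windows detection"
src=192.168.1.20 srcport=1051 dst=192.168.3.20 dstport=1015 proto=TCP
ruleaction=Allow rulethreat=Severe rulefam=BACKDOOR actiontype=block'''
# Constructed sample: the same entry with the assumed correct ruleaction value.
CONSTRUCTED_OK = PAGE_ENTRY.replace("ruleaction=Allow", "ruleaction=Block")

if __name__ == "__main__":
    for sample in (PAGE_ENTRY, CONSTRUCTED_OK):
        print(action_mismatch(sample) or "logged action matches configuration")
```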
time="2009-03-19 02:01:49" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=ips_attack_family rule=3189 msg="IPS
detection: Allow: BackDoor Digital Root Beer" src=192.168.1.20
srcport=1050 dst=192.168.3.20 dstport=2600 proto=TCP ruleaction=Allow
rulethreat=Critical connectiondirection=initiator packetdirection=2
packetlength=60 ipidentification=38912