Manualshelf

TMS zl Module Release Notes ST.1.1.100330

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
50
Known Issues
Release ST.1.0.090603
PR_40312 — Log messages with message IDs of 609, 618, 629, and 659 are marked as critical
but should not be critical. They should be a warning.
time="2009-05-08 21:13:47" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="FW: udp packet header
length is less than expected, packets dropped" srczone=INTERNAL
src=192.168.70.100 srcport=0 dstzone=ZONE6 dst=192.168.70.100 dstport=0
proto=UDP subfamid=packetheaderanomaly mtype=attack mid=609
time="2009-05-11 17:32:41" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="FW: tcp packet header
length is less than expected, packets dropped" srczone=ZONE1 src=10.1.10.151
srcport=0 dstzone=SELF dst=10.1.10.6 dstport=0 proto=TCP subfamid=packet-
headeranomaly mtype=attack mid=618
time="2009-05-09 11:06:54" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="Excessive number of TCP
connections with Zero bytes detected, possible TCP connect scan. One of the
possible five tuples are captured in this message" srczone=INTERNAL
src=192.168.1.209 srcport=36940 dstzone=EXTERNAL dst=192.168.2.21
dstport=25 proto=TCP subfamid=tcp-ipportscan mtype=attack mid=629
time="2009-05-08 22:03:53" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="FW: protocol value is not
set, packets dropped" srczone=EXTERNAL src=192.168.70.100 srcport=0
dstzone=INTERNAL dst=192.168.70.100 dstport=0 proto=0 subfamid=protocola-
nomaly mtype=attack mid=659
PR_40662 Log entries with mid=681 and mid=611 are marked as critical when they
should not be considered critical.
time="2009-05-17 15:44:53" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="NON-ALG traffic, Possible
WinNuke attack detected, packets dropped" srczone=INTERNAL
src=192.168.80.67 srcport=554 dstzone=INTERNAL dst=192.168.70.67
dstport=1029 proto=TCP subfamid=dosattack mtype=attack mid=681
time="2009-05-17 16:08:38" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="FW: packet ip header is
less than expected, packets dropped" srczone=UNKNOWN_ZONE src=0.0.0.0
srcport=0 dstzone=UNKNOWN_ZONE dst=0.0.0.0 dstport=0 proto=0 subf-
amid=packetheaderanomaly mtype=attack mid=611
PR_40710 — Cannot open /var/log/sysstat/sa18: No such file or
directory is erroneously displayed when a TMS zl Module SSH session is opened and the
show tech command is executed.
Example:
1. Open a SSH session.
2. Run the show tech command.
The initial output will show the erroneous output, but the rest of the output is unaffected.