Release Notes Threat Management Services zl Module ST.1.2.110909 11-2011
30
Software Fixes in Releases ST.1.0.090213 - ST.1.2.110909
Release ST.1.0.090603
time="2009-03-19 02:01:49" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=ips_attack_family rule=3189 msg="IPS
detection: Allow: BackDoor Digital Root Beer" src=192.168.1.20
srcport=1050 dst=192.168.3.20 dstport=2600 proto=TCP ruleac-
tion=Allow rulethreat=Critical connectiondirection=initiator pack-
etdirection=2 packetlength=60 ipidentification=38912
rulefam=BACKDOOR ruledsc="BackDoor Digital Root Beer" subf-
amid=ips_signature_based_logs attackid=no-id
mtype=iips_l5_l7_attack mid=3189 timetolive=3 actiontype=terminate
■ PR_38512 — When the same IPS attack was continuously launched against the TMS zl
Module and generating log entries, log throttling was not working and many of the same IPS
log entries were populating the log file.
Monitor Mode
■ PR_14582 — In monitor mode, the CLI command ips help does not reflect the commands
that are actually available in monitor mode as opposed to routing mode.
High Availability
■ PR_38385 — Connection reservations do not fail over from the Master to the Participant in
an Active-Standby configuration.
Example:
PC DMZ 10.10.30.254 | TMS | Zone1 192.168.1.254 PC Server
10.10.30.1 192.168.1.1
Zone limits DMZ = 5
Connection reservation DMZ, inbound, reserved for 192.168.1.1, Reservation count = 3
If the PC opens TCP connections through the Master, and a fail over situation occurs, the
reservation count was not correctly followed.
■ PR_38959 — In High Availability Active-Standby configuration, when running a mix of RTSP
and SMTP traffic for a period, the command no connections does not reset some of the current
connections.
VPN
■ PR_17972 — In the web browser interface, in the Help for VPN, the wrong performance
numbers are reported.
■ PR_38173 — Misleading error messages appear when adding or editing an IKE policy in the
web browser interface (VPN > Certificates > IPsec Certificates).