TMS zl Management and Configuration Guide ST.1.0.090213

6-24
Intrusion Detection and Prevention
Threat Detection and Prevention
DNS
- Check for a DNS reply without a valid request
- Check for unknown DNS operation flags
- Check for a domain name greater than 255 bytes
- Check for a label size greater than 63 bytes
- Check for an invalid DNS label offset
- Check the resource record (RR) count in the header and match it with the number of RR records present
- Ensure that a label reference is within the message
SNMP
- Check for a malformed SNMP message with the wrong ASN.1 types
- Check for ASN.1 lengths that exceed the packet length
RPC
- Check whether the credential length specified is within the RPC message length
- Check whether the verifier length specified is within the RPC message length
- Once external data representation (XDR) data for the various program numbers and procedure numbers has been fed into the system, it parses the XDR data and checks whether the arguments are malformed
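The stateless DNS checks listed above (reserved flags and opcode, name and label length limits, compression-pointer offsets, and the header RR counts against the records actually present) as an added worked example; this is illustrative code written for this page, not the TMS zl Module's own implementation, and the sample messages are constructed here. The reply-without-request check needs connection state and is not shown.

```python
import struct

MAX_NAME, MAX_LABEL = 255, 63          # RFC 1035 wire-format limits
KNOWN_OPCODES = {0, 1, 2, 4, 5}        # QUERY, IQUERY, STATUS, NOTIFY, UPDATE

def read_name(msg, off, depth=0):
    """Parse a wire-format name at `off`; return (wire length, next offset)."""
    total = 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if ptr >= off or depth > 16:            # must point back into the message
                raise ValueError("invalid label offset")
            return total + read_name(msg, ptr, depth + 1)[0], off + 2
        if ln > MAX_LABEL:
            raise ValueError("label longer than 63 bytes")
        total += ln + 1
        if total > MAX_NAME:
            raise ValueError("domain name longer than 255 bytes")
        off += ln + 1
        if ln == 0:
            return total, off

def check_dns(msg):
    """Return the list of findings for one DNS message (empty when it passes)."""
    if len(msg) < 12:
        return ["header shorter than 12 bytes"]
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg)
    findings = []
    if (flags >> 11) & 0xF not in KNOWN_OPCODES or flags & 0x0040:   # opcode / Z bit
        findings.append("unknown DNS operation flags")
    off = 12
    try:
        for _ in range(qd):
            off = read_name(msg, off)[1] + 4          # skip QTYPE + QCLASS
        for _ in range(an + ns + ar):
            if off >= len(msg):
                raise ValueError("header RR count exceeds records in message")
            off = read_name(msg, off)[1]
            off += 10 + struct.unpack_from("!H", msg, off + 8)[0]   # TYPE,CLASS,TTL,RDLENGTH,RDATA
        if off > len(msg):
            raise ValueError("RDATA runs past end of message")
    except (ValueError, struct.error) as e:
        findings.append(str(e))
    return findings

# Constructed samples: a query for example.com and a response carrying one A record (192.0.2.1).
def HDR(flags, qd, an):
    return struct.pack("!HHHHHH", 0x1234, flags, qd, an, 0, 0)
Q = b"\x07example\x03com\x00\x00\x01\x00\x01"
RR = b"\xC0\x0C\x00\x01\x00\x01\x00\x00\x0E\x10\x00\x04\xC0\x00\x02\x01"
GOOD_QUERY, GOOD_REPLY = HDR(0x0100, 1, 0) + Q, HDR(0x8180, 1, 1) + Q + RR
BAD_LABEL = HDR(0x0100, 1, 0) + b"\x40" + b"a" * 64 + b"\x00\x00\x01\x00\x01"
BAD_PTR = HDR(0x8180, 1, 1) + Q + b"\xC0\xFF" + RR[2:]     # pointer past the message
BAD_COUNT = HDR(0x8180, 1, 2) + Q + RR                      # header claims two answers
```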
Port Maps
The TMS zl Module includes several default port mappings. You can add more
port maps (port-to-services associations) and delete the default mappings, but
you cannot add more services to the port maps list. (See also “Port Mapping”
in Chapter 4: “Firewall.”)
The IDS draws on the port maps to learn which application to expect on a
particular port. For example, if you add a port map that associates HTTP with
port 8088, the TMS zl Module will treat traffic on port 8088 as HTTP traffic,
which means that any signatures that apply to HTTP will be applied to traffic
on port 8088.
Traffic that passes through ports not on this map is assumed to carry the
services associated with the IANA well-known ports. If neither the TMS zl
Module nor IANA assigns an application to the port, the traffic is treated as
generic TCP/UDP traffic.