TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

6-26

Intrusion Detection and Prevention

Threat Detection and Prevention

■ Virus

•AIM Bot

•BugBear

• Trojan Haxdoor

• VBS.Postcard

•Worm Nyxem

■ Malware

•Spyware Abox

• Hotbar

• Adware Zango site

■ Reconnaissance

• AXIS StorPoint Vulnerability

• FTP—Multiple bad login attempts

• HTTP dangerous PUT method

■ Protocol anomaly (cannot disable)

• Invalid ACK number in SYN+ACK Packet

• DNS message pointer loop vulnerability

■ Portscan

• Detect the HTTP RPC endpoint mapper

■ Traffic info

•Welchia worm

• TFTP GET request from outside

• Attempt to download admin.dll using TFTP

■ Gain access

• ASN.1 buffer overflow attempt

• CA BrightStor ARCServ Backup LGServer Arbitrary File Upload

• DNS Bind exploit named 8.2->8.2.1 vulnerability

■ Exploit

• MS-SQL Shellcode attempt

• Access to vulnerable CGI Count.cgi

• Chameleon SMTP buffer overflow

■ DoS

• AnalogX Web server Denial of Service Vulnerability

• Apache scoreboard shared memory and DoS attacks

• mstream agent to handler DDOS

• mstream handler ping to agent DDOS