Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
61626364656667686970
1-35
Overview
IDS/IPS
SMTP
Ensure that the command line does not exceed 512 bytes
Check the recursive boundary depth in SMTP data
Check for a header length that exceeds the maximum limit (user-
configurable)
FTP
Ensure that the command line does not exceed 512 bytes
IMAP
Check for malformed requests (the command line lacks the proper
tag, command, and so forth)
POP3
Ensure that the command line does not exceed 512 bytes
DNS
Check for a DNS reply without a valid request
Check for unknown DNS operation flags
Check for a domain name greater than 255 bytes
Check for a label size greater than 63 bytes
Check for an invalid DNS label offset
Check the resource record (RR) count and match it with the number
in the RR record
Ensure that a label reference is with the message
SNMP
Malformed SNMP message with the wrong ASN.1 types
Check for ASN.1 lengths that exceed packet length
RPC
Check whether credential length specified is within the remote pro-
cedure call (RPC) message
Check whether the verifier length specified is within the RPC message
length
Once external data representation (XDR) data is fed into the system
for various program numbers and procedure numbers, then it will do
an XDR parse and ensure that the malformed argument has passed.
Unlike signature-based detection, protocol anomaly detection does not
require a specific signature for each attack. Therefore, it can detect undocu-
mented or zero-day attacks, which helps to eliminate the window of vulnera-
bility during the first hours or days after an exploit is launched. In addition,
signature-based detection can miss threats when an attacker varies the threat