TMS zl Management and Configuration Guide ST.1.2.100916
6-17
Intrusion Detection and Prevention
Threat Detection and Prevention
■ IMAP
• Check for malformed requests (without a proper tag, command, and so on, in the command line)
■ POP3
• Ensure that the command line does not exceed 512 bytes
■ DNS
• Check for a DNS reply without a valid request
• Check for unknown DNS operation flags
• Check for a domain name greater than 255 bytes
• Check for a label size greater than 63 bytes
• Check for an invalid DNS label offset
• Check the resource record (RR) count and match it with the number of RR records in the message
• Ensure that a label reference is within the message
■ SNMP
• Check for a malformed SNMP message with the wrong ASN.1 types
• Check for ASN.1 lengths that exceed the packet length
■ RPC
• Check whether the credential length specified is within the RPC message length
• Check whether the verifier length specified is within the RPC message length
• Once external data representation (XDR) data is fed into the system for the various program numbers and procedure numbers, the module performs an XDR parse and checks whether a malformed argument has been passed.
Port Maps
The TMS zl Module includes several default port mappings. You can add more
port maps (port-to-services associations) and delete the default mappings, but
you cannot add more services to the port maps list. (See also “Port Mapping”
in Chapter 4: “Firewall.”)
The IDS draws on the port maps to learn which application to expect on a
particular port. For example, if you add a port map that associates HTTP with
port 8088, the TMS zl Module will treat traffic on port 8088 as HTTP traffic,
which means that any signatures that apply to HTTP will be applied to traffic
on port 8088.