Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1061106210631064106510661067106810691070
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1068
Signature ID: 100141
UDP Checksum error
Threat Level: Critical
Signature Description: A UDP packet with incorrect check sum detected.The reasons could be due to transmission
errors or improper way of sending UDP packets.If rate of detection of this event is high, it may be because of possible
DOS attack by using packet generation tool like ISIC or UDPSIC.
Signature ID: 100142
P2P Application
Threat Level: Information
Signature Description: A peer to peer (or P2P) computer network uses diverse connectivity between participants in a
network and the cumulative bandwidth of network participants rather than conventional centralized resources where a
relatively low number of servers provide the core value to a service or application. As these networks consume a lot of
resources, it is necessary for an IPS device to facilitate detection of this traffic. This signature facilitates generation of
p2p application logs.
Signature ID: 160141
Dmisd RPC service is running
Threat Level: Information
Industry ID: CVE-2002-0391 Bugtraq: 5356
Signature Description: The XDR (external data representation) libraries are used to provide platform-independent
methods for sending data from one system process to another, typically over a network connection. Such routines are
commonly used in remote procedure call (RPC) implementations to provide transparency to application programmers
who need to use common interfaces to interact with many different types of systems. The xdr_array() function in the
XDR library provided by Sun Microsystems contains an integer overflow. This signature detects when an attacker
passing an overly long number of elements to xdr_array through RPC services such as dmispd and rpc.cmsd. The
successful exploitation may allow an attacker to overflow a buffer and execute arbitrary code on the system. This
signature specifically detects XDR(The XDR data representation is used to parse the packet and split it into different
arguments) format string by using UDP service.
Signature ID: 160142
Dmisd RPC service is running
Threat Level: Information
Industry ID: CVE-2002-0391
Bugtraq: 5356
Signature Description: The XDR (external data representation) libraries are used to provide platform-independent
methods for sending data from one system process to another, typically over a network connection. Such routines are
commonly used in remote procedure call (RPC) implementations to provide transparency to application programmers
who need to use common interfaces to interact with many different types of systems. The xdr_array() function in the
XDR library provided by Sun Microsystems contains an integer overflow. This signature detects when an attacker
passing an overly long number of elements to xdr_array through RPC services such as dmispd and rpc.cmsd. The
successful exploitation may allow an attacker to overflow a buffer and execute arbitrary code on the system. This
signature specifically detects XDR(The XDR data representation is used to parse the packet and split it into different
arguments) format string by using TCP service.
Signature ID: 160143
Dmisd RPC service is running
Threat Level: Information
Industry ID: CVE-2002-0391 Bugtraq: 5356