ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94
would check for various running system services to exploit or for the presence of security software, such as host IDS or
monitoring scripts. The attacker could possibly gain information needed for other attacks on the system. This rule
triggers when an attempt is made to send a /bin/ps pattern to an HTTP web server.
Signature ID: 904
/etc/inetd.conf file web access vulnerability
Threat Level: Severe
Signature Description: The inetd configuration lists the daemons executed at boot time on a UNIX or Linux based
system. The attacker could possibly gain information needed for other attacks on the host. This rule triggers when
an attempt is made to send an /etc/inetd.conf pattern to an HTTP web server.
Signature ID: 905
/etc/motd web access vulnerability
Threat Level: Severe
Signature Description: This is an attempt to gain intelligence about the system hosting a web server. The motd is used
to display system information on a UNIX or Linux based system. The attacker could possibly gain information needed
for other attacks on the host. This rule triggers when an attempt is made to send an /etc/motd pattern to an HTTP web
server.
Signature ID: 906
/etc/shadow web access vulnerability
Threat Level: Severe
Signature Description: The shadow file, usually found in the /etc/ directory on UNIX based systems, contains login
information for users of a host. This file is generally used on multi-user systems to provide greater security for user
passwords. This file should only be readable by the super user. If an attacker was successful in retrieving this file, they
could then obtain valid login information for the system by using widely available password cracking tools on the file.
Logs will be generated for this signature when an /etc/shadow pattern is sent to an HTTP server.
Signature ID: 907
/usr/bin/cc command web execute vulnerability
Threat Level: Severe
Signature Description: This is an attempt to compile a C or C++ source file on a host. The cc command is the GNU
project's C and C++ compiler used to compile C and C++ source files into executable binary files. The attacker could
possibly compile a program needed for other attacks on the system or install a binary program of his choosing. Logs
will be generated for this signature when a /usr/bin/cc pattern is sent to the HTTP server.
Signature ID: 908
/usr/bin/cpp command web execute vulnerability
Threat Level: Severe
Signature Description: This is an attempt to compile a C or C++ source file on a host. The cc command is the GNU
project's C and C++ compiler used to compile C and C++ source files into executable binary files. The attacker could
possibly compile a program needed for other attacks on the system or install a binary program of his choosing. Logs
will be generated for this signature when a /usr/bin/cpp pattern is sent to the HTTP server.
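The pattern checks described in signatures 904 to 908 above, as an added Python example that is not taken from this guide and is not the TMS zl module's own matching logic. The percent-decoding, slash collapsing and word-boundary rule are assumptions about how such a match can be kept reliable, and the request lines are constructed.

```python
import re
from urllib.parse import unquote

# Paths and IDs come from the entries above; the matching rules are assumptions.
SIGNATURES = {
    904: "/etc/inetd.conf",
    905: "/etc/motd",
    906: "/etc/shadow",
    907: "/usr/bin/cc",
    908: "/usr/bin/cpp",
}

# Constructed request lines for illustration, not captured traffic.
SAMPLE_REQUESTS = [
    "GET /cgi-bin/view.cgi?file=/etc/shadow HTTP/1.0",
    "GET /cgi-bin/view.cgi?file=%2Fetc%2Fshadow HTTP/1.0",
    "GET /cgi-bin/view.cgi?file=%252Fetc%252Fmotd HTTP/1.0",
    "GET /cgi-bin/run.cgi?cmd=/usr//bin/./cc+-o+x+x.c HTTP/1.0",
    "GET /tools/usr/bin/ccache/index.html HTTP/1.0",
]

def normalize(target, max_rounds=3):
    """Decode percent-encoding (repeated, for double encoding) and
    collapse backslashes, '/./' segments and duplicate slashes."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    target = target.replace("\\", "/")
    target = re.sub(r"/(\./)+", "/", target)
    return re.sub(r"/{2,}", "/", target)

def match_signatures(request_target):
    """Return the signature IDs whose path occurs in the request target."""
    text = normalize(request_target)
    hits = []
    for sig_id, path in SIGNATURES.items():
        # (?!\w): /usr/bin/cc must not fire on /usr/bin/ccache.
        if re.search(re.escape(path) + r"(?!\w)", text):
            hits.append(sig_id)
    return hits

def scan(request_lines):
    """Pair each 'METHOD target VERSION' line with its matching IDs."""
    results = []
    for line in request_lines:
        parts = line.split(" ")
        target = parts[1] if len(parts) >= 2 else line
        results.append((line, match_signatures(target)))
    return results
```

Matching on the raw request bytes alone would miss the second, third and fourth sample lines, which is why normalization runs before the pattern check.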
Signature ID: 909
/usr/bin/g++ command web execute vulnerability
Threat Level: Severe
Signature Description: This is an attempt to compile a C or C++ source file on a host. The g++ command is the GNU