TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
application or process, such as greeting cards or games. When the user opens or triggers it, the malicious program
sits on the user's computer and tries to silently open a backdoor, giving an attacker a way to take full control of
the user's computer and exploit the user. This rule tries to detect Backdoor NetSphere. A cracker may use it to steal your
password or prevent you from working properly. NetSphere typically uses TCP ports 30100 to 30102.
Signature ID: 3004
PC Anywhere TCP Destination Port 5631 vulnerability detection
Threat Level: Information
Nessus: 10794
Signature Description: pcAnywhere is a pair of computer programs by Symantec that allows a user of the
pcAnywhere remote program on a computer to connect to a personal computer running the pcAnywhere host, if both are
connected to the internet or the same LAN and the password is known. pcAnywhere runs on several platforms,
including Microsoft Windows, Linux, Mac OS X, and Pocket PC. The pcAnywhere application is vulnerable to a brute
force attack. Successful exploitation of this vulnerability allows an attacker to steal your password or prevent you
from working properly.
Signature ID: 3005
BackOrifice trojan attack
Threat Level: Severe
Industry ID: CVE-1999-0660 Nessus: 10024,10152,10151,10409,10053,10270,10501,10288,10307,10350,10920,10921
Signature Description: BackOrifice is a trojan that allows an intruder to take control of the remote computer. Once
it is installed on a system, BO2K can transmit information about the machine over the network, "snooping" the screen and
keyboard of the machine. A cracker may use it to steal your passwords, modify your data, and prevent you from
working properly.
Signature ID: 3008
Backdoor CDK detected on TCP destination port 15858
Threat Level: Information
Industry ID: CVE-1999-0660 Nessus: 10036,10024,10152,10151,10409,10053,10270,10501,10288,10307,10350,10920,10921
Signature Description: The remote host appears to be running CDK, which is a backdoor that can be used to control
your system. To use it, a cracker just has to connect to this port and send the password 'ypi0ca'. It is very likely that this
host has been compromised.
Signature ID: 3024
Backdoor DeepThroat 3.1
Threat Level: Severe
Industry ID: CVE-1999-0660 Nessus: 10036,10024,10152,10151,10409,10053,10270,10501,10288,10307,10350,10920,10921
Signature Description: This backdoor allows anyone to partially take control of the remote system. A cracker may
use it to steal your password or prevent you from working properly. It specifically works on Windows 95, 98 and NT
platforms. It was released in 1998 by the Dark Light Corporation; other variants or versions include DeepThroat 1.0,
DeepThroat 2.0, DeepThroat 2.1, DeepThroat 3.0, DeepThroat 3.1, DeepThroat 3.1 Lite, Win32.DeepThroat, DTV2,
DTV3, BackDoor-J.srv, BackDoor-J.cli, Backdoor.DeepThroat.