ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 3094
Back Orifice 2000 Backdoor detection
Threat Level: Severe
Signature Description: Back Orifice 2000 or 'BO2k' is a computer program designed for remote system administration.
It enables a user to control a computer running the Microsoft Windows operating system from a remote location. Back
Orifice 2000 is widely regarded as a backdoor program. This classification is justified by the fact that Back Orifice
2000 is often installed through a Trojan horse by a malicious user without the knowledge of the system administrator.
System administrators are expected to ignore this alert when they are using Back Orifice 2000 for administration of
their system. This signature detects Back Orifice 2000 traffic on TCP Ports 54320-54321.
Signature ID: 3095
Back Orifice 2000 Backdoor detection
Threat Level: Severe
Signature Description: Back Orifice 2000 or 'BO2k' is a computer program designed for remote system administration.
It enables a user to control a computer running the Microsoft Windows operating system from a remote location. Back
Orifice 2000 is widely regarded as a backdoor program. This classification is justified by the fact that Back Orifice
2000 is often installed through a Trojan horse by a malicious user without the knowledge of the system administrator.
System administrators are expected to ignore this alert when they are using Back Orifice 2000 for administration of
their system. This signature detects Back Orifice 2000 traffic on TCP Port 31337.
Signature ID: 3096
Back Orifice 2000 Backdoor detection
Threat Level: Severe
Signature Description: Back Orifice 2000 or 'BO2k' is a computer program designed for remote system administration.
It enables a user to control a computer running the Microsoft Windows operating system from a remote location. Back
Orifice 2000 is widely regarded as a backdoor program. This classification is justified by the fact that Back Orifice
2000 is often installed through a Trojan horse by a malicious user without the knowledge of the system administrator.
System administrators are expected to ignore this alert when they are using Back Orifice 2000 for administration of
their system. This signature detects Back Orifice 2000 traffic on TCP Port 1025.
Signature ID: 3097
Bugs Backdoor for Windows 9x and NT
Threat Level: Severe
Signature Description: Backdoor 'Bugs', also known as 'W32/Backdoor.Feap', 'Backdoor.Feap' and 'Backdoor-BI', is a
backdoor program that permits unauthorized malicious users to remotely perform a variety of operations on the host
system without the administrator's knowledge. These operations include changing the desktop appearance, changing the
registry, executing commands, adding or removing startup programs, starting services, listing, uploading or downloading
files, and retrieving shared information from programs using Dynamic Data Exchange. Bugs runs from the server file
"C:\WINDOWS\SYSTEM\SYSTEMTR.EXE" over TCP port 2115 and affects Microsoft Windows 9x/NT.
Signature ID: 3098
Backdoor Coma detection
Threat Level: Warning
Signature Description: Coma is a backdoor for Windows 9x that allows a remote attacker to take control of a system
once it has been infected. Control includes allowing the attacker to retrieve system information, execute programs, use
FTP to transfer files, and log keystrokes. This backdoor is known to infect only Windows 9x-based systems.