TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 3119
The Thing Backdoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. The Thing Backdoor version 1.5 is a backdoor program that affects
the Microsoft Windows family of operating systems. With 'The Thing', an attacker can execute programs; upload, move,
copy, and delete files; and restart the host system. The Thing can also send the infected system's IP address in an ICQ
message to a pre-configured user every time Windows starts. Administrators are advised to close access to TCP
port 6400.
Signature ID: 3121
Total Eclypse Backdoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Total Eclypse 1.0 is a backdoor for Microsoft Windows 9x/NT
operating systems. With the Total Eclypse backdoor, an attacker can upload files to your computer using a built-in FTP
server. The remote attacker can then use this feature to take complete control of a victim host. Administrators are
advised to close the ports 3791 and 3800 for external users.
Signature ID: 3122
Ultors Backdoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Ultors is a backdoor for Microsoft Windows including versions of
Vista and Windows CE. Once installed on a system, Ultors permits unauthorized users to remotely perform a variety of
operations, including viewing and deleting files and directories, executing programs, shutting down the host system, and
displaying error messages. This backdoor attempts to open a port on the host system, typically TCP port 1234, to allow
the attacker's system to connect to it. Administrators are advised to restrict access to TCP port 1234.
Signature ID: 3123
BackOrifice detection
Threat Level: Critical
Signature Description: A backdoor is a method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plain text, etc. while attempting to remain undetected. Back Orifice (BO) is a
controversial computer program designed for remote system administration. It enables a user to control a computer
running the Microsoft Windows operating system from a remote location. Although Back Orifice has legitimate
purposes, the server can hide itself from cursory looks by users of the system and can be installed without user
interaction; hence it is distributed as the payload of a Trojan horse. Back Orifice was designed with a client-server
architecture. A small and unobtrusive server program is installed on one machine, which is remotely manipulated by a
client program with a graphical user interface on another computer system. The two components communicate with
one another using the TCP and/or UDP network protocols, commonly on port 31337. A cracker may use it to steal your
passwords, modify your data, and prevent you from working properly. This signature detects BackOrifice 2000 traffic.
Signature ID: 3124
Subseven Backdoor detection
Threat Level: Warning
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. SubSeven is a powerful backdoor that is widely used against
Windows 9x/Me/NT/2000/XP/2003 systems. A remote attacker can do any function that could be done locally on the