TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
data, steal passwords and disable the machine and also to take complete control of the system. This signature detects
Outbound Backdoor traffic.
Signature ID: 3130
BACKDOOR Dagger_1.4.0_client_connect
Threat Level: Information
Signature Description: The Dagger backdoor is one of many backdoor programs that attackers can use to access a
victim's computer without the knowledge or consent of the victim. Once installed, it places a server on TCP port 2589 or
TCP port 1386, which allows a remote client to connect to your computer. This Trojan can also delete data, steal
passwords, disable the machine, and take complete control of the system. This signature detects inbound backdoor
client-to-server traffic.
Signature ID: 3131
BACKDOOR BackConstruction Connection
Threat Level: Severe
Signature Description: Backdoor BackConstruction 2.1 is a Trojan that opens up a backdoor program. It is also known
as Back Construction, Nightmare.B and Backdoor.Nightmare.B. Once installed on a system, it permits unauthorized
users to remotely perform a variety of operations, such as changing the registry, executing commands, starting services,
listing files, and uploading or downloading files. It operates from the server file c:\WINDOWS\Cmctl32.exe and
allows someone to remotely control your computer by communicating over TCP ports 5401 and 5402.
Signature ID: 3132
Backdoor BackConstruction 2.1
Threat Level: Information
Signature Description: Backdoor BackConstruction 2.1 is a Trojan that opens up a backdoor program. It is also known
as Back Construction, Nightmare.B and Backdoor.Nightmare.B. Once installed on a system, it permits unauthorized
users to remotely perform a variety of operations, such as changing the registry, executing commands, starting services,
listing files, and uploading or downloading files. It operates from the server file c:\WINDOWS\Cmctl32.exe and
allows someone to remotely control your computer by communicating over TCP ports 666, 5401, and 5402.
Signature ID: 3133
BACKDOOR CDK Port 79
Threat Level: Information
Signature Description: CDK is a Trojan horse that gives the attacker control of the victim host. This event is generated
when an attacker connects to a victim server. This rule detects the attack pattern on port number 79.
Signature ID: 3134
BACKDOOR DeepThroat 3.1 Connection attempt
Threat Level: Information
Signature Description: Possible theft of data and control of the targeted machine leading to a compromise of all
resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the
machine.
Signature ID: 3135
BACKDOOR DeepThroat 3.1 Connection attempt Port 3150
Threat Level: Information
Signature Description: Possible theft of data and control of the targeted machine leading to a compromise of all