TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the
machine. This rule detects the attack pattern on port number 3150.
Signature ID: 3136
BACKDOOR DeepThroat 3.1 Connection attempt Port 4120
Threat Level: Information
Signature Description: Possible theft of data and control of the targeted machine leading to a compromise of all
resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the
machine. This rule detects the attack pattern on port number 4120.
Signature ID: 3137
BACKDOOR DeepThroat 3.1 Server Response Port 3150
Threat Level: Severe
Signature Description: Possible theft of data and control of the targeted machine leading to a compromise of all
resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the
machine. This rule detects the attack pattern on port number 3150 when the string "Ahhhh My Mouth Is
Open" is found.
Signature ID: 3138
BACKDOOR DeepThroat 3.1 Server Response Port 4120
Threat Level: Severe
Signature Description: Possible theft of data and control of the targeted machine leading to a compromise of all
resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the
machine. This rule triggers on the attack pattern "Ahhhh My Mouth Is Open" flowing towards destination port
4120.
Signature ID: 3139
BACKDOOR Doly 1.5 server response
Threat Level: Information
Signature Description: Doly is a Trojan Horse. Possible theft of data and control of the targeted machine leading to a
compromise of all resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords
and disable the machine. Later versions are capable of launching DDoS attacks. A Backdoor is a software program that
gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the
user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used
by the attacker for malicious purposes unknown to the user. This signature detects Doly 1.5 traffic.
Signature ID: 3140
BACKDOOR Doly 2.0 access
Threat Level: Critical
Signature Description: Doly is a Trojan Horse. Possible theft of data and control of the targeted machine leading to a
compromise of all resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords
and disable the machine. Later versions are capable of launching DDoS attacks. A Backdoor is a software program that
gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the
user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used
by the attacker for malicious purposes unknown to the user. This signature detects Doly 2.0 traffic.