TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 3161
BACKDOOR hack-a-tack
Threat Level: Warning
Signature Description: Hack-a-Tack is a Trojan that installs a backdoor program which, once on a
system, permits unauthorized users to remotely alter the user interface, run commands, log keystrokes, shut down
windows, etc. Hack-a-Tack typically runs over port 31789 via TCP. Attackers can use many backdoor programs to
access your computer system without the victim's knowledge or consent. With the Hack'a'Tack backdoor, an attacker can
do the following: move and close windows on your desktop, start an FTP server on your computer, log your keystrokes
(including passwords you type), shut down the computer, and execute programs.
Signature ID: 3162
BACKDOOR subseven 22
Threat Level: Warning
Signature Description: SubSeven is a powerful backdoor that is widely used against Microsoft Windows 2000,
Windows 2003 Server, Windows 95, Windows 98, Windows 98SE, Windows Me, Windows NT 4.0 and Windows XP
versions. On these versions, a remote attacker can do anything to a victim's computer that could be done locally: the
attacker can shut down or restart your computer, retrieve saved and cached passwords, modify your system registry,
upload, download, and delete files from your system, intercept keyboard activity or take over the keyboard, and view
your current screen or webcam output.
Signature ID: 3163
BACKDOOR subseven DEFCON8 2.1 access
Threat Level: Severe
Signature Description: SubSeven is a powerful backdoor that is widely used against Microsoft Windows 95 and
Windows 98 versions. On these versions, a remote attacker can do anything to a victim's computer that could be done
locally: the attacker can shut down or restart your computer, retrieve saved and cached passwords, modify your system
registry, upload, download, and delete files from your system, intercept keyboard activity or take over the keyboard,
and view your current screen or webcam output. Once connected to port 16959, the server displays "PWD" and prompts
for a password. The password for the SubSeven DEFCON8 2.1 backdoor server is "acidphreak". A successful client login
will return a banner.
Signature ID: 3164
BACKDOOR trinity connection
Threat Level: Severe
Signature Description: This event is generated when an attacker attempts to connect to a Trinity DDoS Trojan
server. The Trinity Trojan affects UNIX operating systems. Trinity is used as a Distributed Denial of Service (DDoS)
agent and can launch DDoS attacks from a large number of hosts against a target. Once connected, the attacker can
issue a preconfigured password to open a shell running with root privileges. This backdoor has been observed running
on many hosts infected with the Trinity DDoS agent.
Signature ID: 3165
BACKDOOR w00w00 attempt
Threat Level: Severe
Signature Description: Trojan horses are malicious programs that attackers usually bind to another
application or process, such as greeting cards or games. When the user opens or triggers it, the malicious program
installs itself on the user's computer and tries to silently open a backdoor, giving an attacker a way to take full
control of the user's computer and exploit the user. This event is generated when an attacker attempts to connect to a
w00w00 server using Telnet. The Trojan affects UNIX operating systems. This Trojan has the ability to delete data and
steal passwords.