TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

351

352

353

354

355

356

357

358

359

360

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

355

Signature ID: 4007

Ascend MAX UDP Port 9 Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0060

Bugtraq: 714 Nessus: 10019

Signature Description: Lucent Ascend TNT Router 2.0 and Lucent Ascend TNT Router 1.0, Lucent Ascend Pipeline

Router 1.0 to Lucent Ascend Pipeline Router 6.0 and Lucent Ascend MAX Router 1.0 to Lucent Ascend MAX Router

5.0 are vulnerable versions. It is possible to make the remote Ascend router reboot by sending it a UDP packet

containing special data on port 9 (discard). A cracker may use this flaw to make your router crash continuously,

preventing your network from working properly. This attack will send the Follwing data pattern to the port 9 #1 2 3 4 5

6 7 8 9 10 00 00 07 a2 08 12 cc fd a4 81 00 00 00 00 12 34 56 78 ff ff ff ff ff ff ff 00 4e 41 4d 45 4e 41 4d 45 4e 41 4d

45 4e 41 4d 45 ff 50 41 53 53 57 4f 52 44.

Signature ID: 4008

+ + + ATH0 modem hangup

Threat Level: Warning

Industry ID: CVE-1999-1228 Nessus: 10020

Signature Description: It is possible to disconnect the remote host by sending it an ICMP echo request packet

containing the string '+ + + ATH0' (whithout the spaces). It is also possible to make the remote modem hangup and dial

any phone number. for echo icmptype is 8, icmpcode is 0 and the content is "+++ATH0\r\n"at the begining. This icmp

to cause the modem on the responding computer to execute the received commands. This attack can be performed on

any computer with a Global Village modem.

Signature ID: 4018

Firewall-1 Port 0 Denial of Service Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0675 Bugtraq: 576 Nessus: 10074

Signature Description: Check Point is a leader in network security software, firewall solutions, VPN solutions,

endpoint security, network protection, security management. Check Point Software Firewall-1 4.0 and Check Point

Software Firewall-1 3.0 are vulnerable to denial of service attack. It is possible to crash either the remote host or the

firewall in between us and the remote host by sending an UDP packet going to port 0. This flaw may allow an attacker

to shut down your network.

Signature ID: 4021

HotSync Manager no authentication vulnerability

Threat Level: Warning

Industry ID: CVE-2000-0058 Bugtraq: 920

Signature Description: The Handspring Visor is a Palm-compatible personal organizer. It ships with Network Hotsync,

an application designed to perform backups and synchronizations of the Visor to a PC or Macintosh computer over an

IP network. There is no authentication done for this transaction in Handspring Visor Network HotSync 1.0. So,

anybody with a Visor users name and IP address can initiate the hotsync and retrieve the user's information including

his mail. An attacker can also send email with the victim user's credentials.

Signature ID: 4023

IParty Conferencing server DoS attack

Threat Level: Warning

Industry ID: CVE-1999-1566

Bugtraq: 6844 Nessus: 10111

Signature Description: Intel Corporation iParty Conferencing server is an audio/text chat program for Windows. The

iParty server listens on port 6004 for client requests. If someone connects to Intel Corporation iParty Conferencing