TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

specified could include /dev files and therefore this could lead to a number of damaging scenarios including memory
and disk corruption, denial of service, etc.
Signature ID: 4077
Routed append attempted
Threat Level: Information
Nessus: 11822
Signature Description: Routed is a daemon used to dynamically update network routing tables. Certain operating
systems contain a routed version which allows an attacker to append certain logging data to arbitrary files on the host
machine with root privileges. Most route daemons which are based on generic Berkeley source code have a bug
which allows remote users to append garbage to system-critical files.
Signature ID: 4078
Bay/Nortel Networks Nautica Marlin Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0221 Bugtraq: 1009
Signature Description: It is possible to crash either the remote host or the gateway firewall by sending a UDP packet
of null size to port 161 (SNMP). This flaw may allow an attacker to shut down your network. Nortel Networks
Nautica Marlin is vulnerable to denial of service.
Signature ID: 4079
DDOS Stacheldraht agent->handler skillz
Threat Level: Warning
Industry ID: CVE-2000-0138
Signature Description: Stacheldraht is a distributed denial-of-service tool normally found on Sun Solaris machines. It
is made up of a client, handler and agent. Clients can connect to the handler and handlers can connect with up to 1000
agents. Communication between the client and the handler is conducted using TCP, and the communication between the
handler and the agent can be either TCP or icmp_echoreply. Stacheldraht encrypts most of its communication between
clients, master servers and agents. Although Stacheldraht does encrypt the control channel between master and agent, it
does not encrypt the ICMP heartbeat packets, which are sent from agent to master. This event is raised when a
malicious message is sent from the agent to the master.
Signature ID: 4080
DDOS Stacheldraht client check gag
Threat Level: Warning
Industry ID: CVE-2000-0138 Nessus: 10501
Signature Description: A Stacheldraht agent may exist on the source host and a handler may exist on the destination host.
Stacheldraht is a distributed denial-of-service tool normally found on Sun Solaris machines. It is made up of a client,
handler and agent. Clients can connect to the handler and handlers can connect with up to 1000 agents. Communication
between the client and the handler is conducted using TCP, and the communication between the handler and the agent
can be either TCP or icmp_echoreply. Stacheldraht encrypts most of its communication between clients, master servers
and agents. This event is raised when the master replies to the agent request.
Signature ID: 4082
DDOS Stacheldraht client spoofworks
Threat Level: Critical
Industry ID: CVE-2000-0138 Nessus: 10501
Signature Description: Stacheldraht is a distributed denial-of-service tool normally found on Sun Solaris machines. It
is made up of a Client, handler and agent. Clients can connect to the handler and handlers can connect with up to 1000