ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

agents. Communication between the client and the handler is conducted using TCP, and the communication between the
handler and the agent can be either TCP or icmp_echoreply. Stacheldraht encrypts most of its communication between
clients, master servers and agents. Although Stacheldraht does encrypt the control channel between master and agent, it
does not encrypt the ICMP heartbeat packets, which are sent from agent to master. This event is raised when a malicious
message is sent from the master to the agent, in which the master is replying to the agent's request.
Signature ID: 4083
DDOS Stacheldraht gag server response
Threat Level: Warning
Industry ID: CVE-2000-0138 Nessus: 10501
Signature Description: Stacheldraht is a distributed denial-of-service tool normally found on Sun Solaris machines. It
is made up of a client, handler and agent. Clients can connect to the handler, and handlers can connect with up to 1000
agents. Communication between the client and the handler is conducted using TCP, and the communication between the
handler and the agent can be either TCP or icmp_echoreply. Stacheldraht combines features of the "trinoo" distributed
denial-of-service tool with those of the original TFN, and adds encryption of communication between the attacker and
Stacheldraht masters and automated update of the agents. The Stacheldraht agent exists on the source host and a handler
exists on the destination host.
Signature ID: 4084
DDOS Stacheldraht handler->agent ficken
Threat Level: Warning
Industry ID: CVE-2000-0138 Nessus: 10501
Signature Description: Stacheldraht is a distributed denial-of-service tool normally found on Sun Solaris machines. It
is made up of a client, handler and agent. Clients can connect to the handler, and handlers can connect with up to 1000
agents. Communication between the client and the handler is conducted using TCP, and the communication between the
handler and the agent can be either TCP or icmp_echoreply. Stacheldraht (German for "barbed wire") combines features
of the "trinoo" distributed denial-of-service tool with those of the original TFN, and adds encryption of communication
between the attacker and Stacheldraht masters and automated update of the agents. This activity indicates the presence of a
variant of the Stacheldraht DDoS tool. This event is raised when a malicious message is sent from the agent (agent ficken) to
the master.
Signature ID: 4085
DDOS Stacheldraht handler->agent niggahbitch
Threat Level: Warning
Industry ID: CVE-2000-0138 Nessus: 10501
Signature Description: Stacheldraht is a distributed denial-of-service tool normally found on Sun Solaris machines. It
is made up of a client, handler and agent. Clients can connect to the handler, and handlers can connect with up to 1000
agents. Communication between the client and the handler is conducted using TCP, and the communication between the
handler and the agent can be either TCP or icmp_echoreply. Stacheldraht combines features of the "trinoo" distributed
denial-of-service tool with those of the original TFN, and adds encryption of communication between the attacker and
Stacheldraht masters and automated update of the agents. This activity indicates the presence of a variant of the
Stacheldraht DDoS tool.
Signature ID: 4086
DDOS Tribe Flood Network (TFN) server response
Threat Level: Severe
Industry ID: CVE-2000-0138 Nessus: 10501
Signature Description: Tribe Flood Network (TFN) is made up of client and daemon programs, which implement a
distributed network denial of service tool capable of waging ICMP flood, SYN flood, UDP flood, and Smurf style