TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

361

362

363

364

365

366

367

368

369

370

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

367

Signature ID: 4104

Cisco Service Control Engine SSH credentials DOS Vulnerability

Threat Level: Severe

Industry ID: CVE-2008-0535

Bugtraq: 29316,29609

Signature Description: The Iconfident SSH is a Secure Shell (SSH) server that runs on VxWorks-based systems. The

vulnerability in SSH server, Cisco Service Control Engine (SCE) before 3.1.6, and Icon Labs Iconfidant SSH before

2.3.8, allows remote attackers to cause a denial of service via SSH credentials that attempt to change the authentication

method.

Signature ID: 4105

TCPDump ISAKMP Identification Payload Integer Underflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2004-0184 Bugtraq: 10004

Signature Description: The Tcpdump tool allows for the inspection of network packets and contains decoders for many

standard protocols, including the Internet Security Association and Key Management Protocol (ISAKMP). The

ISAKMP "Identification Payload" contains information used for determining the identities of communicating peers and

may be used for determining authenticity of information. isakmp_id_print for TCPDUMP 3.8.1 and earlier versions are

contain integer underflow, the remote attackers to cause a denial of service (crash) by sending an ISAKMP packet with

an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-

bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Signature ID: 4107

NAPTHA DOS Attempt

Threat Level: Warning

Industry ID: CVE-2000-1039 Bugtraq: 2022

Signature Description: Naptha refers to a family of DoS methods that exploit the way TCP/IP stacks and network

applications handle the state of a TCP connection. An attacker can exhaust the resources of applications or operating

systems by creating a suitably large number of TCP connections and leaving them in certain states (e.g.

ESTABLISHED or FIN WAIT -1).

Signature ID: 4109

DOS UDP echo+chargen bomb Attempting vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0635 CVE-1999-0103

Signature Description: Echo and chargen, or other combinations of UDP services, can be used in tandem to UDP

bomb, this is an attempt to issue a Denial of Service attack against a host or network by generating traffic between your

udp echo port and their udp chargen port. When a connection is established between two these UDP services, each of

which produces output, these two services can produce a very high number of packets that can lead to a denial of

service on the machines.

Signature ID: 4110

Windows NT/2000 malformed print request vulnerability

Threat Level: Severe

Industry ID: CVE-2000-0232

Bugtraq: 1082

Signature Description: The TCP/IP Printing Service is the mechanism used for print service integration with Unix

environments.It relies on port 515 for data transmittal. In Windows NT up to version 4.0 SP6 and Windows 2000, a

malformed print request sent to this particular port can cause the service to cease functioning and can affect other

services as well, including SimpTCP, DHCPServer, FTPSvc, LPDSvc, and BinlSvc. The service will require to be

stopped and restarted in order to regain normal functionality.