TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
368
Signature ID: 4111
Arkiea Backup nlserverd Remote DOS vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0788 Bugtraq: 662
Signature Description: Knox Software Arkeia Backup application is a network backup solution. A vulnerability in the
'nlservd' executable, as packaged with Knox Software Arkeia 4.0 and 4.1, allows remote users to shut it down by
sending it large amounts of input over the network.
Signature ID: 4114
ConSeal PC Firewall denial of service vulnerability
Threat Level: Warning
Signature Description: This signature detects an attempt to exploit a denial of service vulnerability in the ConSeal
Firewall. The vulnerability exists in the ConSeal firewall product, causes the vulnerable system to reboot or lock up
when a large number of spoofed UDP packets are received by the firewall. ConSeal PC Firewall 1.2 and below
versions are vulnerable to denial of service.
Signature ID: 4115
Microsoft Windows NT RPC DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0969 Bugtraq: 2234
Signature Description: Snork is a denial of service attack against the Windows NT RPC service, which allows an
attacker with minimal resources to cause a remote NT system to consume 100% CPU Usage for an indefinite period of
time. It also allows a remote attacker to utilize a very large amount of bandwidth on a remote NT network by inducing
vulnerable systems to engage in a continuous bounce of packets between all combinations of systems. This attack is
similar to those found in the "Smurf" and "Fraggle" exploits, and is known as the "Snork" attack.
Signature ID: 4200
Cisco IOS HTTP Server Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0380 Bugtraq: 1154 Nessus: 10387
Signature Description: The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows
remote attackers to cause a denial of service and cause reload, if the IOS HTTP service is enabled and browsing to
"http://<router-ip>/%%" is attempted. This event may be a false positive if cisco device is not running. This
vulnerability has been corrected and Cisco is making fixed releases available to replace all affected IOS releases.
Signature ID: 5001
Cfinger's search.**@host vulnerability
Threat Level: Information
Industry ID: CVE-1999-0259
Nessus: 10038,11006
Signature Description: There is a bug in the remote cfinger daemon which allows anyone to get the lists of the users of
this system, when issued the command: finger search.**@victim. This information helps crackers to initiate brute force
login attempts on the user list that they obtained.
Signature ID: 5002
Cfinger version disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0259
Nessus: 10651
Signature Description: In computer networking, the Finger protocol is a simple network protocols for the exchange of