ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet
Protocol Suite. If an internal host answers an ICMP timestamp request, an attacker can learn the date that is set
on that machine. This may help the attacker bypass time-based authentication protocol checks.
Signature ID: 7008
Checkpoint SecuRemote information leakage
Threat Level: Information
Industry ID: CVE-2001-1303 Bugtraq: 3058 Nessus: 10710
Signature Description: The SecuRemote service (proprietary VPN infrastructure designed by Check Point Software)
contains a vulnerability that allows attackers to gain information about the hosts, networks, and users configured on the
firewall. This enables attackers to focus their attack strategy. This type of information should not be allowed to
leak out.
Signature ID: 7009
Access to Vulnerable SOCKS version 4 Detected
Threat Level: Information
Signature Description: SOCKS v4 proxies suffer from vulnerabilities that can compromise the security of hosts and
the network. This rule triggers when there is an attempt to connect to a SOCKS proxy from an external source, which
can be treated as suspicious activity.
Signature ID: 8002
OpenSSL V2 KEY_ARG buffer overrun
Threat Level: Information
Industry ID: CVE-2002-0656 Bugtraq: 5363,5362 Nessus: 11060
Signature Description: OpenSSL is an open source implementation of the SSL protocol. A buffer overflow
vulnerability exists in some versions of OpenSSL. During the SSL v2 negotiation phase, a malicious client can trigger a
buffer overflow by sending an SSL Client Master Key packet containing low entropy in the KEY_ARG and KEY
portions. Remote attackers can exploit this vulnerability to execute arbitrary code or to create a denial of service
condition on an affected system. Linux.Slapper.Worm and its variants exploit this vulnerability.
Signature ID: 8003
Microsoft Windows RPC DCOM Object buffer overflow
Threat Level: Information
Industry ID: CVE-2003-0352 Bugtraq: 8205 Nessus: 11808
Signature Description: A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC)
implementation. The vulnerability is in the part of RPC that deals with message exchange over TCP/IP. The failure
results from incorrect handling of malformed messages. This particular vulnerability affects a Distributed
Component Object Model (DCOM) interface with RPC, which listens on TCP/IP port 135. This interface handles
DCOM object activation requests that are sent by client machines (such as Universal Naming Convention (UNC) paths)
to the server. A remote attacker could exploit this vulnerability to execute arbitrary code with System privileges or
cause a denial of service.
Signature ID: 8004
Open SSL V2 KEY_ARG buffer overrun
Threat Level: Information
Industry ID: CVE-2002-0656 Bugtraq: 5363,5362 Nessus: 11060
Signature Description: OpenSSL is an open source implementation of the SSL protocol. A buffer overflow
vulnerability exists in some versions of OpenSSL. During the SSL v2 negotiation phase, a malicious client can trigger a
buffer overflow by sending an SSL Client Master Key packet containing low entropy in the KEY_ARG and KEY