TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 10006
Cobalt Web Administration Server Detection
Threat Level: Information
Nessus: 10793
Signature Description: The Cobalt Administration web server enables attackers to configure your Cobalt server if they
gain access to a valid authentication username and password. Access to this server from an external network is suspicious.
Signature ID: 10007
Compaq WBEM Server Detection
Threat Level: Information
Nessus: 10746,10963
Signature Description: The Compaq WBEM server enables attackers to gather sensitive information on the remote host,
especially if anonymous access has been enabled. Sensitive information includes the platform name and version.
Signature ID: 10008
SSH Version map attempt
Threat Level: Information
Signature Description: This event indicates that an attempt has been made to scan for the version of the SSH daemon on
the target host. Scanners are used to find which ports a host may be listening on, whether or not the ports
are filtered by a firewall and if the host is vulnerable to a particular exploit. Any host using the SSH daemon is
vulnerable to this attack. An attacker can determine if a vulnerable version of SSH is being used on a host, then proceed
to exploit that vulnerability.
Signature ID: 10009
SolarWinds IP scan attempt
Threat Level: Information
Signature Description: SolarWinds IP scan attempt. This event indicates that an attempt has been made to scan a host.
This may be the prelude to an attack. Scanners are used to ascertain which ports a host may be listening on, whether or
not the ports are filtered by a firewall and if the host is vulnerable to a particular exploit.
Signature ID: 10010
UPnP service discover attempt
Threat Level: Information
Signature Description: This rule is triggered when an attempt is made to discover the UPnP service. An attacker may
determine if UPnP is enabled on a host and then attempt to exploit a known vulnerability in the service.
Signature ID: 10012
XTACACS logout
Threat Level: Information
Signature Description: An attacker may be able to target the Terminal Server (TS), which is using XTACACS as
an authentication protocol, with fake disconnect messages. To exploit this, an attacker only has to send an
xlogout request to the XTACACS server claiming to be from the TS.
Signature ID: 10013
Cybercop udp bomb
Threat Level: Information
Signature Description: This rule hits when the attacker attempts to scan the system using Cybercop Scanner. Attacker