TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

411

412

413

414

415

416

417

418

419

420

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

412

gain more knowledge. This will help him to plan attacking strategy. This rule detects any activty with an active Nessus

Daemon running in internal network.

Signature ID: 10127

Oracle Web Administration Server Detection

Threat Level: Information

Nessus: 10738

Signature Description: Oracle Administration web server enables attackers to configure your Oracle Database server if

they gain access to a valid authentication username and password. This rule triggers whenever there is a login failure

message from the server to some outside connection.

Signature ID: 10131

SiteScope Web Administration Server Detection

Threat Level: Information

Nessus: 10741

Signature Description: The siteScope Administrator server enables attackers to configure your SiteScope product

(Firewall monitoring program) if they gain access to a valid authentication username and password or to gain valid

usernames and passwords using a brute force attack. Disable the SiteScope Administration web server if it is

unnecessary, or block incoming traffic to this port to resolve the issue.

Signature ID: 10134

Tripwire for Webpages Detection

Threat Level: Information

Nessus: 10743

Signature Description: Tripwire is a commercial product that monitors for changes in web pages. The information

gathered by Tripwire is generally useful to an attacker doing reconnaissance before launching an actual attack. Tripwire

under the Apache web server software allows attackers to gather sensitive information about your server configuration.

Signature ID: 10135

Ultraseek Web Server Detect

Threat Level: Information

Industry ID: CVE-2000-1019

CVE-1999-0996 Bugtraq: 874,1866 Nessus: 10791

Signature Description: Ultraseek Web Server has been known to contain security vulnerabilities ranging from Buffer

Overflows to Cross Site Scripting issues. This rule hits when the traffic flowing towards Ultraseek Web Server.

Administrators are advised to give permisions to the authenticated users.

Signature ID: 10137

Access to vqServer Administrative Port

Threat Level: Information

Industry ID: CVE-2000-0766

Bugtraq: 1610 Nessus: 10354

Signature Description: VqSoft's VqServer is a powerful but easy to use free web server. It Supports Java servlets, CGI

scripts and password protection of files and directories. On vqServer, Brute force guessing of the username/password is

possible, and a bug in versions 1.9.9 and below allows configuration file retrieval remotely. This rule triggers because

administrative port 9090 is accessible from external network.