TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 10216
TELNET access from external network
Threat Level: Information
Industry ID: CVE-1999-0619 Nessus: 10280
Signature Description: This event occurs when a remote user who does not belong to the internal network
successfully connects to a telnet server. This may be a legitimate connection by an authorized user or an undesired
connection by an unauthorized user. Since telnet connections are not encrypted, user accounts and passwords may be
sniffed and reused by attackers. Telnet connections are not considered secure, especially over the Internet. Secure
shell is the recommended service for remote connectivity since it uses encrypted sessions.
Signature ID: 10217
TELNET login failed
Threat Level: Information
Signature Description: A user tried to log on to a system via telnet but was rejected, due to an invalid username,
password, or both. This could mean someone is trying to log on without the proper password (if there are multiple
unsuccessful logins), or the user may simply have mistyped the username or the password. The telnet server typically
runs on TCP port 23. Upon access to the server, account access is granted based on an unencrypted user name and
password. Upon a failed login (resulting from either an invalid account or an incorrect password), a login failure
message is returned. This rule matches the common text "Login failed".
Signature ID: 10218
Battle-mail traffic
Threat Level: Information
Signature Description: This rule fires when an email communication containing the string "BattleMail" is detected in
network traffic going to a mail server on the protected network. This may indicate participation in an email gaming
system by the recipient. Email gaming is a policy violation.
Signature ID: 10220
Oracle9i Database Server XML database (XDB) FTP PASS buffer overflow
Threat Level: Severe
Industry ID: CVE-2003-0727
Bugtraq: 8375
Signature Description: Oracle9i Database Server Release 2 is vulnerable to a stack-based buffer overflow. The
vulnerability is present in the XML database FTP service. By sending an overly long PASS command, a remote
attacker could overflow a buffer and execute arbitrary code on the system. Administrators are advised to close port
2100 to external users.
Signature ID: 10221
Oracle9i Database Server XML database (XDB) FTP UNLOCK buffer overflow
Threat Level: Severe
Industry ID: CVE-2003-0727
Bugtraq: 8375
Signature Description: Oracle9i Database Server Release 2 is vulnerable to a stack-based buffer overflow in the XML
database FTP service. By sending an overly long UNLOCK command, a remote attacker could overflow a buffer and
execute arbitrary code on the system. Administrators are advised to close port 2100 to external users.
Signature ID: 10222
Macromedia Flash Media Server Remote Denial of Service
Threat Level: Severe
Industry ID: CVE-2005-4216
Bugtraq: 15822