ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 10509
HTTP ActiveState Perl directory traversal Vulnerability
Threat Level: Information
Nessus: 11007
Signature Description: This rule triggers when an attempt is made to compromise a host running a web server or a
vulnerable application on a web server. The issue is in how stringently the credentials of a client host are validated
when it connects to the services offered on a host server. This can lead to unauthorized access and possibly
escalated privileges to that of the administrator. An attacker can execute arbitrary commands on the remote server by
using ActiveState's Perl; data stored on the machine can be compromised, and trust relationships between the victim
server and other hosts can be exploited by the attacker.
Signature ID: 10511
FTP CWD possible warez site
Threat Level: Information
Signature Description: An attempt is made to navigate in an FTP session to a hidden directory name that begins with a
space. An attacker may attempt to navigate on an FTP server to a directory name that begins with a space to list or store
unauthorized files such as unlicensed software. This is characteristic of a warez site.
Signature ID: 10513
FTP MKD possible warez site
Threat Level: Information
Signature Description: An attempt is made to create a directory name that begins with a space on an FTP server.
Unauthorized file storage. An attacker may attempt to create a directory name that begins with a space on an FTP
server, possibly in preparation to store unauthorized files.
Signature ID: 10514
POLICY FTP MKD / possible warez site
Threat Level: Information
Signature Description: An attacker may attempt to create a hidden directory name that begins with "/ " on an FTP
server. This hidden directory is hard to discover, permitting attackers to store unauthorized "warez" files, such as
licensed or pirated software.
Signature ID: 10515
FTP RETR 1MB file access
Threat Level: Information
Signature Description: An attempt is made to retrieve a file named 1mb from an FTP server. Such activities are
indicators of scanning.
Impact:
Possible FTP abuse by hordes of warez sites, and the existence of (potentially) illegal files/software on an FTP
server.
Attack Scenarios:
As part of an attempt to store elite warez on an FTP server, an attacker named the file "1mb" to indicate its size.
This file is likely part of an archive that represents a larger, most likely illegal copy of media.
Corrective Action:
Inspect the FTP server for a file named 1mb and check its legitimacy. This file may be deposited by someone attempting
to use the server to distribute non-legitimate files.
Signature ID: 10516
FTP STOR 1MB file access
Threat Level: Information
Signature Description: This event is generated when an attempt is made to store a file named 1mb on an FTP server.
Such activities are indicators of scanning.
Impact:
Possible FTP abuse by hordes of warez sites, and