ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
the existence of (potentially) illegal files/software on an FTP server.

Attack Scenarios: As part of an attempt to store elite warez on an FTP server, an attacker named the file "1mb" to indicate its size. This file is likely part of an archive that represents a larger, most likely illegal copy of media.

Corrective Action: Inspect the FTP server for a file named 1mb and check its legitimacy. This file may be deposited by someone attempting to use the server to distribute non-legitimate files.

Signature ID: 10517
FTP file_id.diz access possible warez site
Threat Level: Information
Signature Description: This event is generated when an attempt is made to retrieve a file called 'file_id.diz'.
Impact: Such files are sometimes used on 'warez' sites to describe the contents of a directory.
The affected systems are the machines running FTP servers.
The corrective action is to verify the location and contents of the 'file_id.diz' files on your FTP server and take appropriate action.
Signature ID: 10518
POLICY IPSec PGPNet connection attempt Vulnerability
Threat Level: Information
Signature Description: PGPNET (PGPNET is an encrypted discussion list; it provides cryptography, anonymous remailers, privacy, and computer security) is a full IPSec (Internet Protocol Security, a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream) client implementation. This signature detects when a user sends data, then an attacker violates a corporate security policy and then accesses the information.
Signature ID: 10520
Xtacacs accepted login response Vulnerability
Threat Level: Information
Signature Description: The Extended Terminal Access Controller Access Control System (XTACACS) is an authentication and authorization protocol derived from Cisco TACACS. It is used in TCP/IP networks where network servers authenticate clients from a master server. This event indicates an attempt to log in using XTACACS from a machine outside the local area network. This may be an intelligence-gathering activity or an attempt to access resources controlled by the XTACACS server. This may also be an attempt to gain unauthorized access to resources with the credentials of a valid user using brute-force methodology. This signature detects the response pattern.
Signature ID: 10521
Xtacacs login attempt
Threat Level: Information
Signature Description: The Extended Terminal Access Controller Access Control System (XTACACS) is an authentication and authorization protocol derived from Cisco TACACS. It is used in TCP/IP networks where network servers authenticate clients from a master server. This event indicates an attempt to log in using XTACACS from a machine outside the local area network. This may be an intelligence-gathering activity or an attempt to access resources controlled by the XTACACS server. This may also be an attempt to gain unauthorized access to resources with the credentials of a valid user using brute-force methodology.
Signature ID: 11001
Malformed imap Request. with No Argument
Threat Level: Information
Signature Description: Normally, IMAP requests take the form COMMAND ARGUMENT. This rule triggers when the IPS device detects a request with no argument, which is suspicious. The administrator is advised to track this connection.