TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

431

432

433

434

435

436

437

438

439

440

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

439

Signature ID: 12002

Access to Vulnerable X Server

Threat Level: Warning

Industry ID: CVE-1999-0526

Nessus: 10407

Signature Description: X11 is a client-server protocol, which can be used to display graphical applications running on a

remote host. Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection. There

have been been other vulnerabilities, reported for X server, like font path vulnerability, which may lead to a root

compromise. It is advised to turn off this service.

Signature ID: 12003

Symantec PCAnywhere faile Login attempt

Threat Level: Information

Signature Description: This rule gets hit when a failed attempt is made to gain access to a system running

PCAnywhere. PCAnywhere is an application produced by Symantec and is used to manage remote computers securely

across multiple platforms. If improperly configured, pcAnywere could provide an attacker unauthorized access to your

system.

Signature ID: 12008

Access to AppleShare IP Server with Status Query

Threat Level: Information

Nessus: 10666

Signature Description: AppleShare IP file service runs on TCP port 548, and is vulnerable to information disclosure. A

remote attacker can issues DSIGetStatus to get the information about the system. It is advised to turn-off this service.

Signature ID: 12009

Cisco Catalyst Switch DoS Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0430 Bugtraq: 705 Nessus: 10046

Signature Description: It is possible to make certain versions of cisco routers to crash the remotely. A vulnerability

(addressed by the software bug ID CSCdi74333) exists in cisco routers, which results to crash if connected to port 7161

and carriage return is sent. A cracker may use this flaw to make your router crash continuously, thus preventing your

network from working properly. The Cisco Catalyst 12xx, 29xx and 5xxx family running Supervisor software are

affected by this issue.

Signature ID: 12010

Attempt of Gopher request

Threat Level: Warning

Signature Description: Gopher is a protocol, which allows server based text files to be hierarchically organized and

easily viewed by end users who can access the server using Gopher applications on remote computers. Microsoft

Internet Explorer is hard coded to work on TCP port 70. Gopher support was turned off by default in Internet Explorer

6 and later versions. By making gopher requests, an attacker may evade firewall settings, by making connections to

TCP port 70 or may even exploit arcane flaws in this protocol to gain more privileges on the host. Therefore it is safe to

disable access to this service from external network.

Signature ID: 12011

Attempt to access FTP sites using Gopher server as proxy

Threat Level: Warning

Signature Description: This rule gets hit when an attempt is made to connect to an FTP server by using a Gopher server