TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
458
Signature ID: 12128
Session Intiation Protocol Request with Large Expires field value
Threat Level: Warning
Signature Description: Session Intiation Protocol (SIP) is an ASCII-based application layer protocol used to establish,
maintain, and terminate calls between two or more endpoints. SIP uses requests and responses to establish
communication among various components of the network. A specially-crafted SIP request with a large value in
Expires field could potentially consume SIP proxy resources resulting in a DoS.
Signature ID: 12129
Session Intiation Protocol Request with Negative Expires field value
Threat Level: Warning
Signature Description: Session Intiation Protocol (SIP) is an ASCII-based application layer protocol used to establish,
maintain, and terminate calls between two or more endpoints. SIP uses requests and responses to establish
communication among various components of the network. A specially-crafted SIP request with a negative value in
Expires field could potentially consume SIP proxy resources resulting in a DoS.
Signature ID: 12130
Session Intiation Protocol Request with Negative Content Length field value
Threat Level: Warning
Signature Description: Session Intiation Protocol (SIP) is an ASCII-based application layer protocol used to establish,
maintain, and terminate calls between two or more endpoints. SIP uses requests and responses to establish
communication among various components of the network. A specially-crafted SIP request with a negative value in
Content Length field could potentially consume SIP proxy resources resulting in a DoS.
Signature ID: 12131
Session Intiation Protocol Request with Large Content Length field value
Threat Level: Warning
Signature Description: Session Intiation Protocol (SIP) is an ASCII-based application layer protocol used to establish,
maintain, and terminate calls between two or more endpoints. SIP uses requests and responses to establish
communication among various components of the network. A specially-crafted SIP request with a large value in
Content Length field could potentially consume SIP proxy resources resulting in a DoS.
Signature ID: 12132
Session Description Protocol (SDP) Time-Start field Integer Overflow vulnerability
Threat Level: Warning
Signature Description: Session Description Protocol (SDP) is intended for describing multimedia sessions for the
purposes of session announcement, session invitation, and other forms of multimedia session initiation. A specially-
crafted SDP packet with a large value in Time Start field could potentially consume resources resulting in a DoS. This
signature detects attacks SIP session, UDP as transport layer.
Signature ID: 12133
Session Description Protocol (SDP) Time-Start field Integer value negative
Threat Level: Warning
Signature Description: Session Description Protocol (SDP) is intended for describing multimedia sessions for the
purposes of session announcement, session invitation, and other forms of multimedia session initiation. A specially-
crafted SDP packet with a negative value in Time Start field could potentially consume resources resulting in a DoS.
This signature detects attacks using UDP as transport layer.