TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

451

452

453

454

455

456

457

458

459

460

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

460

Signature ID: 12139

Session Directory Protocol (SDP) Request with a large string in Session Name field

Threat Level: Warning

Signature Description: Session Directory Protocol (SDP) is intended for describing multimedia sessions for the

purposes of session announcement, session invitation, and other forms of multimedia session initiation. A specially-

crafted SDP packet with a large string in Session Name field could potentially consume resources resulting in a DoS.

Signature ID: 12140

Session Description Protocol (SDP) Request with a large value in Media Port field

Threat Level: Warning

Industry ID: CVE-2006-0738

Signature Description: Session Description Protocol (SDP) is intended for describing multimedia sessions for the

purposes of session announcement, session invitation, and other forms of multimedia session initiation. A specially-

crafted SDP packet with a large value in Media Port field could potentially consume resources resulting in a DoS. This

signature detects attacks SIP session, UDP as transport layer.

Signature ID: 12141

Session Description Protocol (SDP) Request with an empty time desrciption field

Threat Level: Warning

Signature Description: Session Description Protocol (SDP) is intended for describing multimedia sessions for the

purposes of session announcement, session invitation, and other forms of multimedia session initiation. A specially-

crafted SDP packet with an empty value in time description field could potentially consume resources resulting in a

DoS.

Signature ID: 12142

Session Initiation Protocol (SIP) Request with a large string in Content-Type field

Threat Level: Warning

Signature Description: Session Intiation Protocol (SIP) is an ASCII-based application layer protocol used to establish,

maintain, and terminate calls between two or more endpoints. SIP uses requests and responses to establish

communication among various components of the network. A specially-crafted SIP request with a large string in

Content-Type field could potentially consume SIP proxy resources resulting in a DoS.

Signature ID: 12143

Session Initiation Protocol (SIP) Request with a Negative Value in CSeq field

Threat Level: Warning

Signature Description: Session Intiation Protocol (SIP) is an ASCII-based application layer protocol used to establish,

maintain, and terminate calls between two or more endpoints. SIP uses requests and responses to establish

communication among various components of the network. A specially-crafted SIP request with an invalid value in

CSeq field could potentially consume SIP proxy resources resulting in a DoS. This rule hits when a negative value

identified to the CSeq Field.

Signature ID: 12144

Session Initiation Protocol (SIP) Request with a Large Value in CSeq field

Threat Level: Severe

Signature Description: This rule hits when a large value identified to the CSeq field. Session Intiation Protocol (SIP) is

an ASCII-based application layer protocol used to establish, maintain, and terminate calls between two or more

endpoints. SIP uses requests and responses to establish communication among various components of the network. A