TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

461

462

463

464

465

466

467

468

469

470

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

468

Signature ID: 12234

ICMP Mobile Registration Reply

Threat Level: Information

Signature Description: This rule hits when a network host generates an ICMP Mobile Registration Reply. RFC3344 (IP

Mobility Support for IPv4) defined newer version of ICMP Mobile Registration Reply using UDP/TCP and ICMP

version was never in use. ICMP Mobile Registration reply datagrams should not be present in normal networking

traffic.

Signature ID: 12235

ICMP Mobile Registration Reply undefined code

Threat Level: Information

Signature Description: This rule hits when a network host generates an ICMP Mobile Registration Reply with

undefined code. RFC3344 (IP Mobility Support for IPv4) defined newer version of ICMP Mobile Registration Reply

using UDP/TCP and ICMP version was never in use. ICMP Mobile Registration reply datagrams should not be present

in normal networking traffic. Sending a ICMP message with undefined ICMP Code values should be cosidered as a

nefarious activity on the network.

Signature ID: 12236

ICMP Mobile Registration Request

Threat Level: Information

Signature Description: This rule hits when a network host generates an ICMP Mobile Registration Request datagram.

RFC3344 (IP Mobility Support for IPv4) defined newer version of mobile registeration request using UDP/TCP and

ICMP version was never in use. ICMP Mobile Registration Request datagrams should never be seen in normal

networking conditions.

Signature ID: 12237

ICMP Mobile Registration Request undefined code

Threat Level: Information

Signature Description: This rule hits when a network host generates an ICMP Mobile Registration Request datagram.

RFC3344 (IP Mobility Support for IPv4) defined newer version of mobile registeration request using UDP/TCP and

ICMP version was never in use. ICMP Mobile Registration Request datagrams should never be seen in normal

networking conditions. Undefined ICMP Code values should never be seen on the network. This could be an indication

of nefarious activity on the network

Signature ID: 12238

ICMP PING undefined code

Threat Level: Information

Signature Description: This rule gets hit when an external user pings an internal server using an echo request ICMP

type with ICMP Code greater than zero (undefined). This may indicate an attempt to scan the network or cause a denial

of service using a "ping flood." Sending a ICMP message with undefined ICMP Code values should be considered as a

nefarious activity on the network.<br>

Signature ID: 12239

ICMP Parameter Problem Bad Length Datagram

Threat Level: Information

Signature Description: This rule gets hit when a router generates an ICMP Parameter Problem Bad Length datagram. A

router generates a Parameter Problem message for any error not specifically covered by another ICMP message. An