ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 12276
ICMP PING from speedera.net sites
Threat Level: Warning
Signature Description: After visiting certain speedera.net sites, several pings will be received by the host. These pings
are sent so that speedera can find the closest cache to the host. This rule is intended to distinguish the usually
benevolent speedera pings from normal, possibly malevolent pings.
Signature ID: 12277
ICMP Source Quench
Threat Level: Information
Signature Description: Source Quench is an ICMP message that requests the sender to decrease the rate at which it sends
messages to a router or host. The message may be generated if the router or host does not have sufficient buffer
space to process the request, or if its buffer is approaching its limit. This could be an indication of a routing
problem, a network capacity problem, or an ongoing Denial of Service attack. Attackers could potentially use ICMP
source quench datagrams to rate limit a remote host that listens to unsolicited ICMP source quench datagrams. Note
that legitimate source quench datagrams will also trigger this rule.
Signature ID: 12278
ICMP TJPingPro 1.1Build 2 Windows
Threat Level: Information
Signature Description: This event indicates detection of an Internet Control Message Protocol (ICMP) echo request
possibly originated from a Windows host running TJPingPro 1.1 Build 2. An ICMP echo request is used to detect
whether a networked host is active. A remote attacker may use it to gain information about hosts on a target network
and use this information for attack planning.
Signature ID: 12279
ICMP digital island bandwidth query
Threat Level: Information
Signature Description: This event indicates detection of an ICMP request generated by Digital Island. An ICMP
request can be used to get information on the bandwidth available on a connection. A remote attacker may use it to gain
information about a target network and use this information for attack planning.
Signature ID: 12280
ICMP Icmpenum v1.1.1
Threat Level: Information
Signature Description: This signature detects a scan of your network performed with the icmpenum tool. Icmpenum
v1.1.1 generates an ICMP Type 0 datagram with an ICMP ID of 666, an ICMP sequence number of 0, and an ICMP
datagram size of 0. ICMP echo requests are used to determine if a host is running at a specific IP address. A remote
attacker can scan a large range of hosts using ICMP echo requests to determine what hosts are operational on the
network. This event is generated when Icmpenum v1.1.1 generates an ICMP datagram.
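As an added illustration (not part of the ProCurve guide or the module's own signature code), the field match described for Icmpenum v1.1.1 can be written as a check over a raw ICMP message. It assumes "datagram size of 0" means an empty ICMP payload; the function names and sample packets are constructed for this example.

```python
import struct

# Field values taken from the signature description above.
ICMPENUM_TYPE = 0   # ICMP Type 0
ICMPENUM_ID = 666   # ICMP identifier
ICMPENUM_SEQ = 0    # ICMP sequence number
ICMP_HDR_LEN = 8    # type, code, checksum, identifier, sequence


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Build a constructed ICMP message with a valid checksum (test input only)."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(hdr + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def matches_icmpenum(icmp: bytes) -> bool:
    """True when the ICMP message has the type, ID, sequence and size described."""
    if len(icmp) < ICMP_HDR_LEN:
        return False  # truncated header: nothing reliable to match on
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:ICMP_HDR_LEN])
    payload_len = len(icmp) - ICMP_HDR_LEN  # assumption: "size 0" = empty payload
    return (icmp_type == ICMPENUM_TYPE and ident == ICMPENUM_ID
            and seq == ICMPENUM_SEQ and payload_len == 0)


# Constructed sample messages (ICMP layer only, no IP header).
SAMPLES = {
    "icmpenum-like": build_icmp(0, 666, 0),
    "ordinary echo request": build_icmp(8, 0x1234, 1, b"abcdefgh" * 4),
    "type 0, id 666, with payload": build_icmp(0, 666, 0, b"x" * 32),
    "truncated": b"\x00\x00\x00",
}


def classify(samples: dict) -> dict:
    return {name: matches_icmpenum(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, hit in classify(SAMPLES).items():
        print(f"{name:32s} match={hit}")
```

Only the first sample matches; the third shows that the ID alone is not enough once a payload is present, which keeps the check from firing on unrelated traffic that happens to use ID 666.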
Signature ID: 12281
ICMP superscan echo
Threat Level: Information
Signature Description: SuperScan is a Windows-based network scanner written by Foundstone. Before scanning a host
or network range, SuperScan will send an ICMP echo packet to test if the host is alive. This signature detects ICMP
echo packets sent by SuperScan prior to scanning a host. A network scan is often an attempt to gain information later
used to attack the host in the network.