TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

491

492

493

494

495

496

497

498

499

500

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

496

Signature ID: 16012

Llockmgr service vulnerability

Threat Level: Information

Nessus: 10218

Signature Description: The llockmgr is part of the file locking manager system for NFS. It generates local file locking

operations in response to requests from client lock managers. The llockmgr service registers with the RPC portmapper

as program 100020. This service may become a security threat. This rule generates an event when an attacker try to

know the llockmgr service is running or not by using portmap request. Administrators are advised to determine if the

llockmgr daemon is running, and if so, disable the daemon.

Signature ID: 16013

RPC UDP Portmapper DUMP Call request Vulnerability

Threat Level: Warning

Signature Description: The RPC portmapper is a server that converts RPC program numbers into UDP/IP protocol

numbers. It must be running in order to make RPC calls to RPC servers on that machine. When an RPC server is

started, it will tell portmap what port number it is listening to, and what RPC program numbers it is prepared to serve.

Attackers can send a DUMP RPC call to the Portmap daemon to obtain a list of available RPC programs for a host.

This successful exploitation of this issue will allow an attacker to gain information and more targeted attacks. This

signature specifically detects when an attacker send request by using udp service.

Signature ID: 16014

Nlockmgr service vulnerability

Threat Level: Information

Industry ID: CVE-2000-0508 Bugtraq: 1372 Nessus: 10220

Signature Description: The nlockmgr is part of the file locking manager system for NFS. It forwards local file locking

requests to the lock manager on the server system. The nlockmgr service registers with the RPC portmapper as program

100021. This service may become a security threat. This signature generates an event when an attacker probes to

identify whether the nlockmgr RPC service is running. This service should be disabled if the system is not acting as

either an NFS client or server.

Signature ID: 16018

Rexd service vulnerability

Threat Level: Information

Industry ID: CVE-1999-0627

Bugtraq: 37 Nessus: 10224

Signature Description: The rexd daemon executes programs for remote machines when a client issues a request to

execute a program on a remote machine. The inetd daemon starts the rexd daemon from the /etc/inetd.conf file. The

rexd daemon can use the network file system (NFS) to mount the file systems specified in the remote execution

request.A request for remote command execution contains, among others, the command to be executed, and a user and

group id. By default, the rexd server believes everything that the client sends it. rexd is vulnerable to a security threat in

the future. Administrators are advised to disable the rexd service if it is not needed.

Signature ID: 16019

Rje mapper service vulnerability

Threat Level: Information

Nessus: 10225

Signature Description: The rje_mapper is part of many Remote Job Entry (RJE) implementations. RJE is a system for

batch-oriented transfers between a host and downstream devices, such as printers. The rje_mapper service registers