TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

administrators are advised to disable the showfhd service. This signature specifically detects when an attacker sends a
request using the UDP service.
Signature ID: 16027
Snmp service vulnerability
Threat Level: Information
Nessus: 10233
Signature Description: Simple Network Management Protocol (SNMP) is a remote management protocol. An attacker can use
SNMP to gain valuable information about the system (such as information on network
devices and current open connections) when SNMP uses default words, such as public or private, for the community
word. If no community is specified, then the SNMP server responds to queries from any system. This signature
generates an event when an attacker tries to identify whether the SNMP service is running. This signature specifically
detects when an attacker sends a malicious pattern in UDP-RPC traffic. If the SNMP service is needed for network
management, configure it properly with private community names.
Signature ID: 16028
Sprayd service Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0613 Nessus: 10234
Signature Description: Rpc.Sprayd is the spray server. It is used mainly for testing, and often to simulate a network
load. It records the packets sent by spray, and sends a response to the originator of the packets. It sends a one-way
stream of packets to a host using RPC, and reports how many were received as well as the transfer rate. If this service is
enabled, a remote attacker can gain unauthorized information. Administrators are advised to disable the Sprayd
service if it is not necessary. This signature detects when an attacker sends a specially-crafted pattern over UDP RPC.
Signature ID: 16029
Statd service access
Threat Level: Warning
Industry ID: CVE-1999-0018 Bugtraq: 127 Nessus: 10235
Signature Description: Statd is the RPC NFS status daemon. It is used to communicate status information to other
services or hosts. The version of statd shipped with many Unix implementations contains a buffer overflow condition.
This overflow condition exists in the handling of 'SM_MON' RPC requests. This signature generates an event when an
attacker tries to identify whether the Statd service is running. Administrators are advised to disable the Statd service if it is
not needed.
Signature ID: 16030
Statmon service vulnerability
Threat Level: Information
Nessus: 10236
Signature Description: Statmon uses statd and lockd to provide the crash and recovery functions for the locking
services on NFS. Statmon is vulnerable to a security threat in the future. This signature generates an event when an
attacker tries to identify whether the Statmon service is running. Administrators are advised to disable the Statmon service if
it is not needed. This signature specifically detects when an attacker sends a request to the portmap service using the UDP
service.
Signature ID: 16031
Sunlink mapper service vulnerability
Threat Level: Information
Nessus: 10237