ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: The Sunlink Mapper service is part of the SunLink X.400 implementation for connecting
normal SMTP-MIME mail systems to X.400 networks. The Sunlink Mapper process registers itself with the RPC
portmapper as program 100033. Sunlink Mapper could be vulnerable to security threats in the future. This signature
generates an event when an attacker tries to identify whether the Sunlink Mapper service is running. Administrators
are advised to disable the Sunlink Mapper service if it is not needed. This signature specifically detects when an
attacker sends a request to the portmap service for program 100033 over UDP.
Signature ID: 16032
Tfsd service vulnerability
Threat Level: Information
Nessus: 10238
Signature Description: Tfsd is the daemon for the Translucent File Service (TFS). TFS supplies a copy-on-write
file system, allowing users to share file hierarchies while providing each user with a private hierarchy into which
files are copied as they are modified. Tfsd could be vulnerable to security threats in the future. This signature
generates an event when an attacker tries to identify whether the Tfsd service is running. Administrators are
advised to disable the Tfsd service if it is not needed. This signature specifically detects when an attacker sends a
request to the portmap service over UDP.
Signature ID: 16033
Tooltalk service vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0003 Bugtraq: 122 Nessus: 10239,10787
Signature Description: The ToolTalk service allows independently developed applications to communicate with each
other by exchanging ToolTalk messages. Using ToolTalk, applications can create open protocols that allow different
programs to be interchanged and new programs to be plugged into the system with minimal reconfiguration. The
ToolTalk database server (rpc.ttdbserverd) is an RPC service that manages objects needed for the operation of the
ToolTalk service. This signature generates an event when an attacker tries to identify whether the ToolTalk service
is running. Administrators are advised to disable the ToolTalk service if it is not needed. This signature specifically
detects when an attacker sends a request over UDP.
Signature ID: 16036
Ypbind service vulnerability
Threat Level: Information
Industry ID: CVE-1999-0312
Bugtraq: 52 Nessus: 10241,10244
Signature Description: Ypbind finds the server for NIS domains and maintains the NIS binding information. The client
(normally the NIS routines in the standard C library) can get the information over RPC from Ypbind or read the
binding files. The binding files reside in the directory /var/yp/binding. Ypbind could be vulnerable to security
threats in the future. This signature generates an event when an attacker tries to identify whether the Ypbind
service is running. Administrators are advised to disable the Ypbind service if it is not needed. This signature
specifically detects when an attacker sends a request to the portmap service over UDP.
Signature ID: 16037
Yppasswd service vulnerability
Threat Level: Information
Nessus: 10242,11021,10684
Signature Description: The Yppasswdd server is used to handle password change requests from Yppasswd and modify
the NIS password file. Yppasswdd could be vulnerable to security threats in the future. This signature generates an
event when an attacker tries to identify whether the Yppasswdd service is running. Administrators are advised to
disable the Yppasswdd service if it is not needed. This signature specifically detects when an attacker sends a
request to the portmap service over UDP.
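
The signatures above fire on portmap requests over UDP that ask about a specific RPC program, such as program 100033. The following Python is an added example, not the TMS zl module's own signature logic: it assumes the probe is a portmap version 2 GETPORT call, and the function names, the watch list and the sample datagram builder are constructed for illustration.

```python
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
# Program numbers to watch. 100033 is the one named on this page; the
# others come from the standard ONC RPC program number assignments.
WATCHED = {100033: "sunlink_mapper", 100007: "ypbind",
           100009: "yppasswdd", 100083: "ttdbserverd"}

def _skip_opaque_auth(buf, off):
    """Skip one opaque_auth (flavor, length, body padded to 4 bytes)."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    if length > 400:  # RFC 5531 caps the auth body at 400 bytes
        raise ValueError("oversized auth body")
    return off + 8 + ((length + 3) & ~3)

def parse_getport_probe(payload):
    """Return (program, name, protocol) if the UDP payload is a portmap
    GETPORT call for a watched program, else None."""
    try:
        _xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload, 0)
        # msg_type 0 = CALL, RPC version 2, addressed to the portmapper
        if (mtype, rpcvers, prog, vers, proc) != (0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT):
            return None
        off = _skip_opaque_auth(payload, 24)   # credentials
        off = _skip_opaque_auth(payload, off)  # verifier
        q_prog, _q_vers, q_prot, _port = struct.unpack_from(">4I", payload, off)
    except (struct.error, ValueError):
        return None  # truncated or malformed datagram
    if q_prog not in WATCHED:
        return None
    return q_prog, WATCHED[q_prog], {6: "tcp", 17: "udp"}.get(q_prot, str(q_prot))

def build_getport(program, version=1, prot=17, xid=0x1234):
    """Constructed sample input: a GETPORT call using AUTH_NONE."""
    header = struct.pack(">6I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    auth_none = struct.pack(">II", 0, 0) * 2  # empty credentials and verifier
    return header + auth_none + struct.pack(">4I", program, version, prot, 0)

if __name__ == "__main__":
    for prog in (100033, 100003):  # a watched program and an unwatched one
        print(prog, parse_getport_probe(build_getport(prog)))
```

Feed it the UDP payload of datagrams sent to port 111; a non-None result corresponds to the kind of service-discovery probe these signatures report.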