TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 16059
Solaris automountd vulnerability
Threat Level: Information
Bugtraq: 235
Signature Description: The automounter daemon (amd) automatically mounts a filesystem whenever a file or
directory within that filesystem is accessed. Filesystems are automatically unmounted when they appear to have
become quiescent. A vulnerability in the daemon may allow an unauthorized user to send arbitrary commands to the
automounter daemon. Given the automounter's SUID root status, the attacker can then execute arbitrary
commands on the system. This signature specifically detects 'procno=3' sent to the UDP service.
Signature ID: 16060
"Rstatd" check Vulnerability
Threat Level: Information
Signature Description: "rstatd" is an ONC RPC service that provides uptime information for remote machines. This
can be used to check a machine's load average and availability. If the "rstatd" service is enabled, it allows system
administrators to assess a machine's status without logging in to the machine, and it allows other machines on the
local network to get sensitive information about the user's computer. This signature detects when an attacker sends
a specially crafted pattern to UDP RPC.
Signature ID: 16061
"rusers" service check Vulnerability
Threat Level: Information
Signature Description: The "rusers" ONC RPC service displays who is logged in to machines on the local network. The
command produces output similar to the "who" command. For each host responding to the rusers query, the hostname
and the names of the users currently logged on are printed on one line. The command waits for one minute to catch
late responders. An attacker can use this information to obtain lists of user names for brute-force password attempts
and to gain sensitive information. This signature detects when an attacker sends a specially crafted pattern to UDP RPC.
Signature ID: 16062
Rpc.rquotad check Vulnerability
Threat Level: Information
Signature Description: rpc.rquotad is an RPC server that returns quotas for a user of a local file system mounted by a
remote computer over the Network File System (NFS). The service performs no authentication, so this
information is provided to anyone who makes a request. Multiple Unix vendors install the rpc.rquotad service by default.
This service may allow remote attackers to gain information about NFS services, including user/system quotas.
Administrators are advised to disable this service if it is not necessary.
Signature ID: 16065
RPC Portmap Getport request Vulnerability
Threat Level: Warning
Signature Description: RPC (Remote Procedure Call) portmap is a service that runs on nodes on the Internet for the
purpose of mapping an ONC RPC program number to the network address of the server that listens for that program
number. The RPC portmap Getport command is used to get the mount port number for the portmap service on the NFS
server. This signature detects when an attacker performs a portmap Getport command to gain sensitive information.
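
The following is an added example, not part of the ProCurve guide and not the module's own signature logic: a sketch of how a sensor could recognise the portmap Getport request described above in a UDP payload and report which RPC service was being looked up. The function names, the subset of program numbers in the table, and the sample datagrams are assumptions constructed for illustration.

```python
import struct

PORTMAP_PROG = 100000      # ONC RPC program number of the portmapper
PMAPPROC_GETPORT = 3       # portmap v2 procedure that returns a program's port
# Standard program numbers for some services named in this guide (subset).
KNOWN_PROGRAMS = {100001: "rstatd", 100002: "rusersd", 100003: "nfs",
                  100005: "mountd", 100011: "rquotad"}
PROTOCOLS = {6: "tcp", 17: "udp"}

def _skip_opaque_auth(buf, off):
    """Skip one opaque_auth field: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    if length > 400:                       # RFC 5531 limits the body to 400 bytes
        raise ValueError("oversized auth body")
    return off + 8 + ((length + 3) & ~3)

def parse_getport(payload):
    """Return details of a portmap v2 GETPORT call, or None for anything else."""
    try:
        xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload, 0)
        if mtype != 0 or rpcvers != 2:     # 0 = CALL; RPC protocol version is 2
            return None
        # Only portmap version 2 carries the 4-word mapping argument parsed below.
        if prog != PORTMAP_PROG or vers != 2 or proc != PMAPPROC_GETPORT:
            return None
        off = _skip_opaque_auth(payload, 24)    # credentials
        off = _skip_opaque_auth(payload, off)   # verifier
        q_prog, q_vers, q_prot, _port = struct.unpack_from(">4I", payload, off)
    except (struct.error, ValueError):
        return None                        # truncated or malformed datagram
    return {"xid": xid, "program": q_prog,
            "service": KNOWN_PROGRAMS.get(q_prog, "unknown"),
            "version": q_vers, "protocol": PROTOCOLS.get(q_prot, str(q_prot))}

def build_call(xid, prog, vers, proc, arg_words=()):
    """Build a sample RPC call with AUTH_NONE credentials and verifier."""
    args = struct.pack(">%dI" % len(arg_words), *arg_words)
    return struct.pack(">6I", xid, 0, 2, prog, vers, proc) + b"\x00" * 16 + args

# Constructed sample datagrams, not captured traffic.
GETPORT_MOUNTD = build_call(0x1234, PORTMAP_PROG, 2, 3, (100005, 3, 17, 0))
PMAP_NULL = build_call(0x1235, PORTMAP_PROG, 2, 0)

if __name__ == "__main__":
    for pkt in (GETPORT_MOUNTD, PMAP_NULL, GETPORT_MOUNTD[:30]):
        print(parse_getport(pkt))
```

Logging the queried program number alongside the source address makes it possible to tell routine NFS client lookups from hosts enumerating services such as rstatd, rusers and rquotad.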