TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
507
all programs that are using it. The remote attacker could remotely unmount a shared resource to deny a resource to the
local network or a probe to discover possible routes of entry into a system. This signature detects when an attacker send
specially-crafted pattern to TCP RPC.
Signature ID: 16088
RPC mountd UDP unmount request Vulnerability
Threat Level: Warning
Signature Description: Unmount is a reverse operation of mount. This command is used to flushes a device, and stops
all programs that are using it. The remote attacker could remotely unmount a shared resource to deny a resource to the
local network or a probe to discover possible routes of entry into a system. This signature detects when an attacker send
specially-crafted pattern to UDP RPC.
Signature ID: 16089
RPC mountd TCP unmountall request Vulnerability
Threat Level: Information
Signature Description: Unmount is a reverse operation of mount. This command is used to flushes a device, and stops
all programs that are using it. The remote attacker could remotely unmount a shared resource to deny a resource to the
local network or a probe to discover possible routes of entry into a system. This signature detects when an attacker send
specially-crafted pattern on TCP RPC.
Signature ID: 16090
RPC mountd UDP unmountall request Vulnerability
Threat Level: Information
Signature Description: Unmount is a reverse operation of mount. This command is used to flushes a device, and stops
all programs that are using it. The remote attacker could remotely unmount a shared resource to deny a resource to the
local network or a probe to discover possible routes of entry into a system. This signature detects when an attacker send
specially-crafted pattern on UDP RPC.
Signature ID: 16091
RPC yppasswd user update UDP
Threat Level: Information
Signature Description: A vulnerability exists in some versions of the rpc.ypasswd service that can lead to a remote root
compromise of a vulnerable host. This activity may be an intelligence gathering exercise to ascertain whether or not the
host is vulnerable to this attack. This activity may also indicate a possible compromise of a NIS server via a legitimate
user account the attacker has previously garnered.Compromise of a master NIS server may present the attacker with
easy access to all NIS resources the machine is connected to. Administrators are advised to disable the rpc.ypasswd
service if it is not needed. This signature specifically detects when an attacker send request on portmap service by using
udp service.
Signature ID: 16092
RPC yppasswd user update TCP
Threat Level: Information
Signature Description: A vulnerability exists in some versions of the rpc.ypasswd service that can lead to a remote root
compromise of a vulnerable host. This activity may be an intelligence gathering exercise to ascertain whether or not the
host is vulnerable to this attack. This activity may also indicate a possible compromise of a NIS server via a legitimate
user account the attacker has previously garnered.Compromise of a master NIS server may present the attacker with
easy access to all NIS resources the machine is connected to. Administrators are advised to disable the rpc.ypasswd
service if it is not needed. This signature specifically detects when an attacker send request on portmap service by using
tcp service.