TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
511
some holes in RPC services like yppupdated. keyserv service is listen on both tcp and udp ports. This signature
generates an event when an attacker try to identify whether keyserv service is running. Administrators are advised to
disable the keyserv service if it is not needed. This signature specifically detects when an attacker send request by using
tcp service.
Signature ID: 16110
Llockmgr service access
Threat Level: Information
Nessus: 10218
Signature Description: The llockmgr is part of the file locking manager system for NFS. It generates local file locking
operations in response to requests from client lock managers. The llockmgr service registers with the RPC portmapper
as program 100020. This service may become a security threat. llockmgr service is listen on both tcp and udp ports.
This signature generates an event when an attacker try to identify whether llockmgr service is running. Administrators
are advised to disable the llockmgr service if it is not needed. This signature specifically detects when an attacker send
request by using tcp service.
Signature ID: 16111
"rpc.nfsd" service Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0832 Bugtraq: 782 Nessus: 10219
Signature Description: The rpc.nfsd program implements the user level part of the NFS service. The main functionality
is handled by the nfsd.o kernel module; the user space program starts the specified number of kernel threads. This
signature detects when an attacker try to identify whether the nfsd RPC service is running. If this service is running that
can allow an intruder to execute arbitrary commands on the system. The Administrators are advised to disabled the
rpc.nfsd service, if it is not necessary. This signature specifically detects when an attacker send request by using TCP
service.
Signature ID: 16112
Nlockmgr service access
Threat Level: Information
Industry ID: CVE-2000-0508 Bugtraq: 1372 Nessus: 10220
Signature Description: The nlockmgr is part of the file locking manager system for NFS. It forwards local file locking
requests to the lock manager on the server system. The nlockmgr service registers with the RPC portmapper as program
100021. This service may become a security threat. This signature generates an event when an attacker try to identify
whether llockmgr service is running. Administrators are advised to disable the llockmgr service if it is not needed. This
signature specifically detects when an attacker send request by using tcp service.
Signature ID: 16115
Rexd service access
Threat Level: Information
Industry ID: CVE-1999-0627 Bugtraq: 37 Nessus: 10224
Signature Description: The rexd daemon executes programs for remote machines when a client issues a request to
execute a program on a remote machine. The rexd daemon can use the network file system (NFS) to mount the file
systems specified in the remote execution request. A request for remote command execution contains, among others,
the command to be executed, and a user and group id. By default, the rexd server believes everything that the client
sends it. rexd is vulnerable to a security threat in the future. This signature generates an event when an attacker try to
identify whether rexd service is running. Administrators are advised to disable the rexd service if it is not needed. This
signature specifically detects when an attacker send request by using tcp service.