TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

511

512

513

514

515

516

517

518

519

520

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

512

Signature ID: 16116

Rje mapper service

Threat Level: Information

Nessus: 10225

Signature Description: The rje_mapper is part of many Remote Job Entry (RJE) implementations. RJE is a system for

batch-oriented transfers between a host and downstream devices, such as printers. The rje_mapper service registers

with the RPC portmapper as program 100014. rje mapper is vulnerable to a security threat in the future. This signature

generates an event when an attacker try to identify whether rje service is running. Administrators are advised to disable

the rje service if it is not needed. This signature specifically detects when an attacker send request by using tcp service.

Signature ID: 16117

Rquotad service access

Threat Level: Information

Industry ID: CVE-1999-0625 Nessus: 10226

Signature Description: Rquotad is an rpc server which returns quotas for a user of a local file system which is mounted

by a remote machine over the NFS. The results are used by quota to display user quotas for remote file systems. The

rquotad daemon is normally started at boot time from the rc.net script. rquotad is vulnerable to a security threat in the

future. This signature generates an event when an attacker try to identify whether rquotad service is running.

Administrators are advised to disable the rquotad service if it is not needed. This signature specifically detects when an

attacker send request by using tcp service.

Signature ID: 16118

Rusersd service vulnerability

Threat Level: Information

Industry ID: CVE-1999-0626 Nessus: 10228,11058

Signature Description: The rusersd daemon is a server that responds to queries from the rusers command by returning a

list of users currently on the network. It provides an attacker interesting information such as how often the system is

being used, the names of the users, and so on. This daemon is normally started by the inetd daemon. This signature

generates an event when an attacker try to identify whether rusersd service is running. Administrators are advised to

disable the rusersd service if it is not needed. This signature specifically detects when an attacker send request by using

tcp service.

Signature ID: 16119

Sadmin service access

Threat Level: Information

Industry ID: CVE-1999-0977 Bugtraq: 866 Nessus: 10229

Signature Description: Sadmind is the daemon used by Solstice AdminSuite applications to perform distributed system

administration operations such as adding users. The Sadmind daemon is started automatically by the inetd daemon

whenever a request to invoke an operation is received. Sadmind is vulnerable to a security threat in the future. This

signature generates an event when an attacker try to identify whether Sadmind service is running. Administrators are

advised to disable the Sadmind service if it is not needed. This signature specifically detects when an attacker send

request by using tcp service.

Signature ID: 16121

Sunview Selection service Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0209 Bugtraq: 8 Nessus: 10231

Signature Description: The 'selection service' was used on older Sun workstations to support cross-platform copy/paste