TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

511

512

513

514

515

516

517

518

519

520

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

514

Signature ID: 16126

Statmon service vulnerability

Threat Level: Information

Nessus: 10236

Signature Description: Statmon uses statd and lockd to provide the crash and recovery functions for the locking

services on NFS. Statmon is vulnerable to a security threat in the future. This signature generates an event, when an

attacker try to identify whether Statmon service is running. Administrators are advised to disable the Statmon service if

it is not needed. This signature specifically detects when an attacker send request on portmap service by using tcp

service.

Signature ID: 16127

Sunlink mapper service Vulnerability

Threat Level: Information

Nessus: 10237

Signature Description: The Sunlink Mapper service is a part of the SunLink X.400 implementation for connecting

normal SMTP-MIME mail systems to X.400 networks. The Sunlink Mapper process registers itself with the RPC

portmapper as program 100033. Sunlink Mapper is vulnerable to a security threat in the future. This signature generates

an event, when an attacker try to identify whether Sunlink Mapper service is running. Administrators are advised to

disable the Sunlink Mapper service if it is not needed. This signature specifically detects when an attacker send request

on portmap service as a program 100033 by using tcp service.

Signature ID: 16128

Tfsd service vulnerability

Threat Level: Information

Nessus: 10238

Signature Description: Tfsd is the daemon for the Translucent File Service (TFS). The Translucent File Service (TFS)

supplies a copy-on-write file system, allowing users to share file hierarchies while providing each user with a private

hierarchy into which files are copied as they are modified. Tfsd is vulnerable to a security threat in the future. This

signature generates an event, when an attacker try to identify whether Tfsd service is running. Administrators are

advised to disable the Tfsd service if it is not needed. This signature specifically detects when an attacker send request

on portmap service by using tcp service.

Signature ID: 16129

Tooltalk service vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0003 Bugtraq: 122 Nessus: 10239,10787

Signature Description: The ToolTalk service allows independently developed applications to communicate with each

other by exchanging ToolTalk messages. Using ToolTalk, applications can create open protocols which allow different

programs to be interchanged, and new programs to be plugged into the system with minimal reconfiguration. The

ToolTalk database server (rpc.ttdbserverd) is an RPC service which manages objects needed for the operation of the

ToolTalk service. This signature generates an event when an attacker try to identify whether ToolTalk service is

running. Administrators are advised to disable the ToolTalk service if it is not needed. This signature specifically

detects when an attacker send request by using tcp service.

Signature ID: 16130

Ypbind service Vulnerability

Threat Level: Information

Industry ID: CVE-1999-0312 Bugtraq: 52 Nessus: 10241,10244