TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
remote host. This attack requests interface.iftable.ifentry.ifdesc. This rule triggers on a PDU request for the MIB
1.3.6.1.2.1.2.2.1.2 in an SNMP packet flowing toward the corporate network.
Signature ID: 18004
Enumerate Lanman services via SNMP
Threat Level: Information
Industry ID: CVE-1999-0499 Nessus: 10547,10546,10548
Signature Description: Attackers may exploit SNMP to obtain the list of Lanman services. Such an attack queries
internet.private.enterprises. This rule triggers when an SNMP packet containing MIB 77.1.2.2.1.1 flows toward the
corporate network.
Signature ID: 18005
Enumerate Lanman shares via SNMP
Threat Level: Information
Industry ID: CVE-1999-0499 Nessus: 10548,10546,10547
Signature Description: Attackers may exploit SNMP to obtain the list of Lanman shares. This attack queries
internet.private.enterprises. The attacker uses OID 77.1.2.27.1.1 to gain information about the target system. This rule
triggers when a request with SNMP OID 77.1.2.27.1.1 is made against internal systems.
Signature ID: 18006
Obtaining users from Enumerate Lanman via SNMP
Threat Level: Information
Industry ID: CVE-1999-0499 Nessus: 10546,10547,10548
Signature Description: Attackers may use SNMP to obtain the list of Lanman users. This attack queries
internet.private.enterprises.77.1.2.25.1.1 (1.3.6.1.4.1.77.1.2.25.1.1). Using this OID, an attacker can obtain the list of
users on the target machine. The attacker uses this request to gain user information.
Signature ID: 18007
Obtain Remote Host Process list via SNMP request
Threat Level: Information
Nessus: 10550
Signature Description: This rule triggers when an SNMP request with the OID 1.3.6.1.2.1.25.4.2.1.2 is observed. It is
possible to obtain the list of running processes on the remote host by sending SNMP requests with the OID
1.3.6.1.2.1.25.4.2.1.2. An attacker may use this request to obtain the list of running processes on the target host.
Signature ID: 18008
Obtain OS type via SNMP request
Threat Level: Information
Nessus: 10800
Signature Description: This rule triggers when an SNMP request with the OID 1.3.6.1.2.1.1.1 is observed. It is possible to
obtain the full name and version identification of the system's hardware type, operating system software, and networking
software on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1. An attacker may use this
information to gain more knowledge about the target host.
Signature ID: 18009
SNMP VACM
Threat Level: Warning
Industry ID: CVE-2004-1775 Bugtraq: 5030 Nessus: 10688
Signature Description: Certain versions of Cisco Internetworking Operating System (IOS) and Catalyst Operating