TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
533
internal network without being physically present locally. If the access point is using an 'off-the-shelf' configuration,
the data being passed through the access point may be vulnerable to hijacking or sniffing. This SNMP daemon retrieves
information that is available to an attacker who has read access to SNMP. This module uses the community name
specified in the configuration file and does not attempt to guess the community name. This Attack will ask for mib
value 1.3.6.1.2.1.1.6.0
Signature ID: 18014
SNMP MIB-II Miscellaneous data
Threat Level: Information
Nessus: 11026
Signature Description: An attacker gathers miscellaneous information from the SNMP daemon with the community
name provided in the configuration file. A misconfigured access point will allow an attacker to gain access to an
internal network without being physically present locally. If the access point is using an 'off-the-shelf' configuration,
the data being passed through the access point may be vulnerable to hijacking or sniffing. This SNMP daemon retrieves
information that is available to an attacker who has read access to SNMP. This module uses the community name
specified in the configuration file and does not attempt to guess the community name. This Attack will ask for mib
value 1.3.6.1.2.1.1.3.0
Signature ID: 18015
SNMP MIB-II Miscellaneous data
Threat Level: Information
Nessus: 11026
Signature Description: An attacker gathers miscellaneous information from the SNMP daemon with the community
name provided in the configuration file. A misconfigured access point will allow an attacker to gain access to an
internal network without being physically present locally. If the access point is using an 'off-the-shelf' configuration,
the data being passed through the access point may be vulnerable to hijacking or sniffing. This SNMP daemon retrieves
information that is available to an attacker who has read access to SNMP. This module uses the community name
specified in the configuration file and does not attempt to guess the community name. This Attack will ask for mib
value 1.3.6.1.2.1.4.1.0
Signature ID: 18016
SNMP MIB-II TCP table
Threat Level: Information
Signature Description: SNMP is used for network management purposes. Many information regarding the system
configuration and the network activity can be reported to a central network management station via SNMP. An
attackers retrieves the table of listening TCP ports from the SNMP daemon with the community name provided in the
configuration file. This rule will trigger when a SNMP packet with mib value 1.3.6.1.2.1.6.13.1.1 comes from external
network to the internal network.
Signature ID: 18017
SNMP MIB-II UDP table
Threat Level: Information
Signature Description: SNMP is used for network management purposes. Many information regarding the system
configuration and the network activity can be reported to a central network management station via SNMP. An
attackers retrieves the table of listening UDP ports from the SNMP daemon with the community name provided in the
configuration file. This rule will trigger when a SNMP packet with mib value 1.3.6.1.2.1.7.5.1.1 comes from external
network to the internal network.