TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 18018
SNMP MIB-II Address table
Threat Level: Information
Signature Description: This attack retrieves the table of IP addresses from the SNMP daemon using the community
name provided in the configuration file. It retrieves information that is available to any attacker who has read
access to SNMP. The attack uses the community name specified in the configuration file and does not attempt to guess
the community name. Ensure that the community name "public" is not in use and that community names are not
guessable. This rule triggers when an SNMP packet with PDU value 1.3.6.1.2.1.7.5.1.1 travels from the external
network to the internal network.
Signature ID: 18019
SNMP MIB-II ARP table
Threat Level: Information
Signature Description: This attack retrieves the ARP table (which contains IP address to hardware address
translations) from the SNMP daemon using the community name provided in the configuration file. It retrieves
information that is available to any attacker who has read access to SNMP. The attack requests
1.3.6.1.2.4.22.1.1. This rule hits when an SNMP packet flowing towards the internal network contains the MIB
1.3.6.1.2.1.4.22.1.1.
Signature ID: 18020
SNMP MIB-II Routing table
Threat Level: Information
Signature Description: This attack retrieves the IP routing table from the SNMP daemon using the community
name provided in the configuration file. It retrieves information that is available to any attacker who has read
access to SNMP. This rule hits when an SNMP packet flowing towards the internal network contains the MIB
1.3.6.1.2.1.4.21.1.1. An attacker uses this technique to gain functional information about the SNMP daemon.
Signature ID: 18021
SNMP LANMAN Miscellaneous information
Threat Level: Information
Signature Description: This attack retrieves miscellaneous information in the LANMAN MIB from the
SNMP daemon using the community name provided in the configuration file. It retrieves information that is
available to any attacker who has read access to SNMP. To carry out the attack, the attacker uses "public" as the
community name. Systems on which SNMP is not configured or is left with default settings are prone to this attack.
This rule hits when an SNMP packet flowing towards the internal network contains the MIB 1.3.6.1.4.1.77.1.2.15.0.
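The trigger condition that entries 18018 to 18021 describe, an SNMP request carrying one of the listed OIDs, can be checked with a small BER parser. This is an added example, not code from the guide or from the TMS zl module; the function names, the choice to count OIDs below a listed OID as hits, and the sample packet are assumptions, and the payload is assumed to have been selected already as external-to-internal SNMP traffic.

```python
SIGNATURE_OIDS = {  # OID as printed in the guide entries -> signature ID
    "1.3.6.1.2.1.7.5.1.1": 18018, "1.3.6.1.2.1.4.22.1.1": 18019,
    "1.3.6.1.2.1.4.21.1.1": 18020, "1.3.6.1.4.1.77.1.2.15.0": 18021,
}

def read_tlv(buf, pos):
    """Return (tag, value bytes, next position) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode BER OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def match_snmp(payload):
    """Return (community, sorted signature IDs hit) for one SNMPv1/v2c payload."""
    try:
        _, msg, _ = read_tlv(payload, 0)              # outer SEQUENCE
        _, _, pos = read_tlv(msg, 0)                  # version
        _, community, pos = read_tlv(msg, pos)        # community string
        _, pdu, _ = read_tlv(msg, pos)                # Get/GetNext/GetBulk PDU
        pos = 0
        for _field in range(3):                       # request-id and two integers
            _, _, pos = read_tlv(pdu, pos)
        _, varbinds, _ = read_tlv(pdu, pos)
        hits, pos = set(), 0
        while pos < len(varbinds):
            _, varbind, pos = read_tlv(varbinds, pos)
            oid = decode_oid(read_tlv(varbind, 0)[1])
            # Assumption: an OID equal to or below a listed OID counts as a hit.
            hits.update(sig for base, sig in SIGNATURE_OIDS.items()
                        if oid == base or oid.startswith(base + "."))
    except (IndexError, ValueError):
        return None, []                               # not parseable as SNMP
    return community.decode("latin-1"), sorted(hits)

# Constructed sample: GetNextRequest, community "public", OID 1.3.6.1.2.1.4.22.1.1
SAMPLE = bytes.fromhex("302702010004067075626c6963a11a020101020100020100"
                       "300f300d06092b06010201041601010500")
```

A hit that comes back with the community "public" also shows that the default community name the entries warn about is being used on the wire.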
Signature ID: 18022
SNMP SunMib Process Table
Threat Level: Information
Signature Description: This attack retrieves the process table from the SNMP daemon using the community
name provided in the configuration file. A successful attack provides the attacker with a process listing on the
target host, enabling them to obtain a listing of running services and processes that may be vulnerable to
additional problems.
Signature ID: 18023
Ascend SNMP/TFTP Configuration File Retrieval
Threat Level: Information
Signature Description: Ascend router and access server platforms are remotely manageable via the SNMP protocol.
The Ascend hooks for SNMP management include the capability to download and upload the entire configuration of