ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
the router as a text file. Ascend configuration files include the plain text passwords to the router, as well as usernames,
passwords, and phone numbers for outgoing connections. The attack works by using SNMP "set" commands to initiate a
TFTP transfer of the config file (using the Ascend "sysConfigTftp" MIB extension). SNMP community strings are
equal to the passwords. Ensure that Ascend router community names are not guessable.
Signature ID: 18024
SNMP Show Routes
Threat Level: Information
Signature Description: SNMP is used for network management purposes. Much information about the system
configuration and the network activity can be reported to a central network management station via SNMP. Many
SNMP agents support the MIB-II standard IP route table. This IP route table contains the IP address, its network
mask, the protocol, and the gateway of each route supported by the networked device. An attacker can gain this
information using SNMP to learn more about the connections to and from the networked device.
Signature ID: 18025
SNMP Show RMON
Threat Level: Information
Signature Description: An attacker can use SNMP (Simple Network Management Protocol) to gain valuable
information about the machine (such as information on network devices, current open connections, etc.) when SNMP
uses a default value, such as "public" or "private", for the community string. If no community is specified, then the SNMP
server responds to queries from any machine.
Signature ID: 18029
SNMP RMON Get Event Community Strings
Threat Level: Information
Signature Description: Some Simple Network Management Protocol (SNMP) agents do not protect against
unauthorized write access. This exploit may disable the internal loopback and external network interfaces if the
community string is easily guessed.
Signature ID: 18031
SNMP MIBII Interface Table
Threat Level: Information
Signature Description: This attack retrieves the table of network interfaces from the SNMP daemon with the
community name provided in the configuration file. This attack retrieves information that is available to an attacker who
has read access to SNMP. This attack uses the community name specified in the configuration file and does not attempt
to guess the community name. Ensure that the community name "public" is not in use and that community names are
not guessable.
Signature ID: 18032
SNMP LANMAN Service Table
Threat Level: Information
Signature Description: This attack retrieves the LANMAN table of services from the SNMP daemon with the
community name provided in the configuration file. This module retrieves information that is available to an attacker
who has read access to SNMP. This module uses the community name specified in the configuration file and does not
attempt to guess the community name. A separate SNMP community module is provided to probe for SNMP access.