TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
536
Signature ID: 18034
SNMP LANMAN Miscellaneous information
Threat Level: Information
Signature Description: This is an attack that retrieves miscellaneous information in the LANMAN MIB from the
SNMP daemon with the community name provided in the configuration file. This attack retrieves information that is
available to an attacker who has read access to SNMP. For to attack, the attacker uses "public" as the community name.
If SNMP system is not configured or with default settings that kind of systems are prone to this attack. This rule hits
when SNMP packet flowing towards internal network with the MIB 1.3.6.1.4.1.77.1.4.1.0.
Signature ID: 18035
Snmp Get Guessable Community
Threat Level: Information
Nessus: 10264
Signature Description: The Simple Network Management Protocol (SNMP) is a widespread protocol allowing network
administrators to obtain information on and even configure various network devices remotely. The security options for
SNMP include a list of community names. If you remove all the community names, including the default name, Public,
SNMP will respond to any community names presented. The SNMP community name is guessable, allowing anyone
who can guess the name the ability to receive responses to queries from the system. When the administrator set the
community as FirstBogus there is a chance of attacker to gain valuable information about the machine, such as
information on network devices and current open connections.
Signature ID: 18036
Snmp Get Guessable Community (internal)
Threat Level: Information
Nessus: 10264
Signature Description: The Simple Network Management Protocol (SNMP) is a widespread protocol allowing network
administrators to obtain information on and even configure various network devices remotely. The security options for
SNMP include a list of community names. If you remove all the community names, including the default name, Public,
SNMP will respond to any community names presented. The SNMP community name is guessable, allowing anyone
who can guess the name the ability to receive responses to queries from the system. When the administrator set the
community as internal there is a chance of attacker to gain valuable information about the machine, such as information
on network devices and current open connections.
Signature ID: 18037
Snmp Get Guessable Community (write)
Threat Level: Information
Nessus: 10264
Signature Description: The Simple Network Management Protocol (SNMP) is a widespread protocol allowing network
administrators to obtain information on and even configure various network devices remotely. The security options for
SNMP include a list of community names. If you remove all the community names, including the default name, Public,
SNMP will respond to any community names presented. The SNMP community name is guessable, allowing anyone
who can guess the name the ability to receive responses to queries from the system. When the administrator set the
community as write there is a chance of attacker to gain valuable information about the machine, such as information
on network devices and current open connections.