TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
541
Signature ID: 18056
SNMP-Kill-Auth-Trap
Threat Level: Information
Signature Description: Simple Network Management Protocol is used in network management systems to monitor
network-attached devices. Many SNMP agents are configured to send an SNMP trap or notification to a management
station when the agent receives SNMP messages that fail authentication tests. If the SnmpEnableAuthenTraps object
can be written, these notifications can be silenced, preventing the agent from issuing notification. Administrators are
advised to set the community string to a value that is hard to guess to resolve this issue.
Signature ID: 18057
Default community names of the SNMP Agent (hp_admin)
Threat Level: Information
Industry ID: CVE-1999-0517 CVE-1999-0186 CVE-1999-0254 CVE-1999-0516 Bugtraq: 177,6825,2112 Nessus:
10264,10265
Signature Description: The Simple Network Management Protocol (SNMP) is a widespread protocol allowing network
administrators to obtain information on and even configure various network devices remotely. The security options for
SNMP include a list of community names. By allowing remote users access to the SNMP Agent with the well known
public community name hp_admin, remote attackers may gain very valuable information(depending on which MIBs
are installed) about the system and networks they are attacking. Also if a 'writeall' access can be gained, this could be a
huge security hole, enabling attackers to wreck complete havoc, route packets and etc.
Signature ID: 18059
Default community names of the SNMP Agent (openview)
Threat Level: Warning
Industry ID: CVE-1999-0517 CVE-1999-0186 CVE-1999-0254 CVE-1999-0516 Bugtraq: 177,6825,2112 Nessus:
10264,10265
Signature Description: The Simple Network Management Protocol (SNMP) is a widespread protocol allowing network
administrators to obtain information on and even configure various network devices remotely. The security options for
SNMP include a list of community names. By allowing remote users access to the SNMP Agent with the well known
public community name openview, remote attackers may gain very valuable information(depending on which MIBs are
installed) about the system and networks they are attacking. Also if a 'writeall' access can be gained, this could be a
huge security hole, enabling attackers to wreck complete havoc, route packets and etc.
Signature ID: 18060
Default community names of the SNMP Agent (monitor)
Threat Level: Warning
Industry ID: CVE-1999-0517
CVE-1999-0186 CVE-1999-0254 CVE-1999-0516 Bugtraq: 177,6825,2112 Nessus:
10264,10265
Signature Description: The Simple Network Management Protocol (SNMP) is a widespread protocol allowing network
administrators to obtain information on and even configure various network devices remotely. The security options for
SNMP include a list of community names. By allowing remote users access to the SNMP Agent with the well known
public community name monitor, remote attackers may gain very valuable information(depending on which MIBs are
installed) about the system and networks they are attacking. Also if a 'writeall' access can be gained, this could be a
huge security hole, enabling attackers to wreck complete havoc, route packets and etc.
Signature ID: 18061
Default community names of the SNMP Agent (system)
Threat Level: Warning
Industry ID: CVE-1999-0517
CVE-1999-0186 CVE-1999-0254 CVE-1999-0516 Bugtraq: 177,6825,2112 Nessus: