TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via GetRequest,
GetNextRequest, and SetRequest messages.
Signature ID: 18096
SNMP: wrong PDU value
Threat Level: Critical
Signature Description: An SNMP PDU contains the body of the SNMP message. There are several types of PDUs;
three common ones are GetRequest, GetResponse, and SetRequest. This rule hits when an SNMP packet with an
unknown PDU value is detected. This is most likely a malicious request.
Signature ID: 18097
SNMP: wrong Version value
Threat Level: Information
Signature Description: The SNMP version number occupies one byte in the SNMP packet. Currently available
SNMP versions are Version 1, Version 2, and Version 3. If any number other than 1, 2, 3 is received as the SNMP
version, the rule hits: an SNMP packet with an unknown Version field is detected.
Signature ID: 18098
SNMP: wrong length
Threat Level: Critical
Industry ID: CVE-2002-0012 Bugtraq: 4088 Nessus: 10266
Signature Description: An attacker can mount a DoS attack on the SNMP service by sending a malformed SNMP packet
with an invalid length. An SNMP packet with an invalid data length may cause the router to crash. This flaw may allow
an attacker to shut down your network. This rule hits when an invalid length is found in the SNMP packet.
Signature ID: 18099
SNMP: wrong data type
Threat Level: Critical
Signature Description: SNMP uses three simple data types to identify its protocol fields: the Integer data type
(range -2147483648 to 2147483647), octet strings (range 0 to 65535), and Object IDs (the set of all object identifiers
allocated). Application-wide data types such as Network addresses, Counters, Gauges, Time ticks, Opaques, Integers,
and Unsigned Integers are also used as data types. This rule hits when a wrong data type is observed in the SNMP
packet. An attacker can cause a DoS on SNMP servers by putting invalid data or an invalid data type in place of the
expected data type.
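An added example, not taken from the guide or the product: the structural checks that signatures 18096 to 18099 describe, applied to an SNMP v1/v2c datagram. It assumes standard BER encoding, where the version INTEGER on the wire is 0 for SNMPv1, 1 for SNMPv2c and 3 for SNMPv3; the function names and the sample packet are constructed for illustration.

```python
# Added example: header sanity checks for an SNMP v1/v2c datagram (BER).
PDU_TAGS = set(range(0xA0, 0xA9))      # GetRequest (0xA0) .. Report (0xA8)
WIRE_VERSIONS = {0, 1, 3}              # assumed wire values: v1, v2c, v3
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04

def read_tlv(buf, pos):
    """Decode one BER tag/length; return (tag, value_start, value_end)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first                     # short form: the byte is the length
    if first >= 0x80:                  # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("declared length exceeds datagram")
    return tag, pos, pos + length

def check_snmp(datagram):
    """Return findings named after the signatures; [] means the header is sane."""
    findings = []
    try:
        tag, pos, end = read_tlv(datagram, 0)
        if tag != SEQUENCE:
            return ["wrong data type"]
        if end != len(datagram):       # bytes left over after the message
            findings.append("wrong length")
        tag, start, pos = read_tlv(datagram, pos)
        if tag != INTEGER:
            return findings + ["wrong data type"]
        version = int.from_bytes(datagram[start:pos], "big", signed=True)
        if version not in WIRE_VERSIONS:
            findings.append("wrong version")
        elif version != 3:             # v3 wraps the PDU differently; not parsed here
            tag, _, pos = read_tlv(datagram, pos)
            if tag != OCTET_STRING:    # community string
                return findings + ["wrong data type"]
            tag, _, _ = read_tlv(datagram, pos)
            if tag not in PDU_TAGS:
                findings.append("wrong PDU")
    except (ValueError, IndexError):   # truncated or inconsistent length field
        findings.append("wrong length")
    return findings

# Constructed sample: SNMPv1 GetRequest, community "public", OID 1.3.6.1.2.1.1.1.0.
GOOD = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                     "300e300c06082b060102010101000500")
```

Calling check_snmp(GOOD) returns an empty list; changing the PDU tag, the version byte, the community tag or the declared length of the sample yields the matching finding.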
Signature ID: 18100
SNMP request to a broadcast address
Threat Level: Information
Industry ID: CVE-2002-0013 CVE-2002-0012 CVE-1999-1570 Bugtraq: 4132,4089,4088 Nessus: 10858,10987
Signature Description: This indicates detection of a Simple Network Management Protocol (SNMP) request sent to a
broadcast address. SNMP is used to manage a variety of networking devices from different manufacturers. A remote
attacker can broadcast SNMP requests to discover various SNMP services which are supported on a target network.
The attacker can use this information to plan future attacks.
Signature ID: 18101
SNMP request messages from PROTOS c06-snmpv1 test suite
Threat Level: Information
Industry ID: CVE-2002-0013 Bugtraq: 5043
Signature Description: This rule tries to detect SNMP request messages from PROTOS test suite. The Simple Network