TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

541

542

543

544

545

546

547

548

549

550

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

548

Signature ID: 20004

Echo port open

Threat Level: Information

Industry ID: CVE-1999-0103 CVE-1999-0635 Nessus: 10061

Signature Description: The 'echo' service runs on TCP/UDP port 7, and it is not useful nowadays. It can be used along

with other ports to perform a denial of service. It is highly recommanded to disable this service.

Signature ID: 20006

Netstat Service access

Threat Level: Information

Industry ID: CVE-1999-0650 Nessus: 10157

Signature Description: The 'netstat' service runs on TCP port 15, and provides useful state information about the active

connections. Crackers may use this information to gain very senstive data, so it is recommanded to turn-off this service

unless it is needed for system administrators.

Signature ID: 20007

Quote of the day service access

Threat Level: Information

Industry ID: CVE-1999-0103 CVE-1999-0635 Nessus: 10198

Signature Description: The quote server (qotd) listens for TCP connections on TCP port 17. Once a connection is

established a short message is sent out the connection (and any data received is thrown away). The service closes the

connection after sending the quote. This service may also run on UDP port 17. An attacker can launch a denial of

Service attack against this service and the network can be saturated by attacker traffic.

Signature ID: 20011

Systat service access

Threat Level: Information

Industry ID: CVE-1999-0103 CVE-1999-0635 Nessus: 10275

Signature Description: Using 'systat' service, attackers can gain sensitive information such as which processes are

running, who is running them. It is highly recommended to turn off this. This service will run on Tcp Port 11. If the

Server responce has the data "PID" it can be treated as an attack.

Signature ID: 20012

Xtux server detection

Threat Level: Information

Industry ID: CVE-2002-0431

Bugtraq: 4260 Nessus: 10757,11016

Signature Description: Xtux is a multi-player game, suffers from a vulnerability. If an attacker connects to it and sends

garbage data, the server may go in loop and overload the CPU.

Signature ID: 20014

Windows Terminal Service Enabled

Threat Level: Information

Industry ID: CVE-2001-0540

Bugtraq: 3099 Nessus: 10891

Signature Description: The Terminal Services are enabled on the remote host. If an attacker gains a valid login and

password, the attacker may be able to use this service to gain further access on the remote host via a large number of

malformed Remote Desktop Protocol (RDP) requests to port 3389.The attacker can able to cause denial of service

affecting the Terminal service and other applications running on the affected host.