TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

551

552

553

554

555

556

557

558

559

560

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

551

Signature ID: 20027

3com hiper telnet denial of service

Threat Level: Information

Industry ID: CVE-1999-1336

Nessus: 10108

Signature Description: The HiPer access router card set is a complete solution for internet service providers and large

corporate networks that require high-performance routing technology. The HiPer Access Router Card is part of the

HiPer access system . HiPer Access Router Card (HiperARC 4.0 through 4.2.29) is vulnerable to a denial of service via

a flood of inquiry access code packets with data 254 36 185 On tcp port 23. Upgrade the patches are available from

vendors web site.

Signature ID: 20028

Livingston Portmaster crash vulnerability

Threat Level: Information

Industry ID: CVE-2000-0074 Bugtraq: 2225,2653 Nessus: 10182

Signature Description: Portmaster series of routers are designed for organizations where large numbers of users or

employees require access to network resources over standard telephone lines rather than leased lines. Livingston

Portmaster(1.0 through 3.0) is vulnerable to buffer overflow by sending two characters(0xFF and 0xF3). A attacker

may use this flaw to prevent the internet access. This attack will send the following Data to the Tcp Port 23 FF F3 FF

F3 FF F3 FF F3 FF F3. No remedy available as of August 30, 2008.

Signature ID: 20029

Sun Telnet daemon denial of service attack

Threat Level: Severe

Industry ID: CVE-1999-0273 Nessus: 10272

Signature Description: Solaris 2.x shipped with a Telnet server that is vulnerable to a denial of service attack. It is

possible to make the remote server, sometimes the kernel crash by flooding it with ^D characters instead of entering

Signature ID: 20030

Cisco 760/766 access router login denial of service

Threat Level: Information

Signature Description: Cisco 760-series routers are remote access routers for ISDN connections. Due to an

implementation problem, they are vulnerable to an attack that can cause the router to crash and reboot.The attack works

by responding to the router's "Password" prompt with an overly-long random string. This overflows a buffer in the

router, which subsequently crashes.<br>This rule might be a false positive if Cisco device is not running.

Signature ID: 20031

Standard & Poors login attempt

Threat Level: Information

Industry ID: CVE-2000-0109

Bugtraq: 1080 Nessus: 10418

Signature Description: Standard & Poor's ComStock provides stock quotes and news as a real-time feed on dedicated

circuits. ComStock offers a 'Client Site Processor' as a means of receiving their data feed. ComStock MultiCSP 4.2 is

vulnerabile. The MultiCSP application software in S&P's ComStock version is installed with several accounts having

insecure default passwords and could allow an attacker to gain root privileges. No remedy available as of August 30,

2008.