ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94
Signature ID: 24015
DNS EXPLOIT sparc overflow attempt
Threat Level: Information
Signature Description: This rule raises an event when spurious DNS traffic is detected on the network. An attacker can
spoof a DNS response to misrepresent an IP to host/name pairing. The forged host name can direct a user to a
potentially hostile host. This may be the result of an improperly configured DNS server, or it may be an indication that
an attack against the DNS server is underway. This signature detects a SPARC overflow attempt in DNS traffic.
Signature ID: 24016
DNS EXPLOIT x86 FreeBSD overflow attempt
Threat Level: Information
Signature Description: This rule raises an event when spurious DNS traffic is detected on the network. An attacker can
spoof a DNS response to misrepresent an IP to host/name pairing. The forged host name can direct a user to a
potentially hostile host. This may be the result of an improperly configured DNS server, or it may be an indication that
an attack against the DNS server is underway. This signature detects an x86 FreeBSD overflow.
Signature ID: 24017
DNS EXPLOIT x86 Linux overflow attempt
Threat Level: Information
Signature Description: This rule raises an event when spurious DNS traffic is detected on the network. An attacker can
spoof a DNS response to misrepresent an IP to host/name pairing. The forged host name can direct a user to a
potentially hostile host. This may be the result of an improperly configured DNS server, or it may be an indication that
an attack against the DNS server is underway. This signature detects an x86 Linux overflow.
Signature ID: 24018
DNS EXPLOIT ADMv2 x86 Linux overflow attempt
Threat Level: Information
Signature Description: This rule raises an event when spurious DNS traffic is detected on the network. An attacker can
spoof a DNS response to misrepresent an IP to host/name pairing. The forged host name can direct a user to a
potentially hostile host. This may be the result of an improperly configured DNS server, or it may be an indication that
an attack against the DNS server is underway. This signature detects an ADMv2 x86 Linux overflow.
Signature ID: 24019
DNS SPOOF query response attempt
Threat Level: Information
Nessus: 10728
Signature Description: BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System
(DNS) protocols and provides an openly redistributable reference implementation of the major components of the
Domain Name System. An attacker can execute this query to find DNS servers running BIND version 9 and higher. If
the response returns the BIND authors' names, the attacker knows that the version of BIND running is 9 or higher.
Signature ID: 24020
DNS SPOOF query response with TTL of 1
Threat Level: Warning
Signature Description: A root name server is a DNS server that answers requests for the DNS root zone and redirects
requests for a particular top-level domain (TLD) to that TLD's name servers. An attacker can execute a DNS SPOOF
query with TTL=1 to find DNS servers running BIND version 9 and higher. If the response returns the BIND authors'
names, the attacker knows that the version of BIND running is 9 or higher.