ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 25027
WinGate telnet server response vulnerability
Threat Level: Information
Signature Description: WinGate is an Internet connectivity server and firewall package that allows you to share a
single (or multiple) Internet connections with an entire computer network. The Internet connection shared by WinGate
can be of nearly any type, including dial-up modem, ISDN, xDSL, cable modem, satellite connection, or even dedicated
T1 circuits. WinGate also protects your internal network with its firewall component. The WinGate firewall prevents
intruders from accessing your internal network. WinGate proxies should be secured and only permit local access. This is
a generic signature for detecting normal traffic for the WinGate server.
Signature ID: 25038
PCAnywhere server response
Threat Level: Warning
Signature Description: pcAnywhere is a remote control administrative software package from Symantec. Symantec
pcAnywhere 12.5 is the world's leading remote control solution. It lets you manage computers efficiently,
resolve helpdesk issues quickly, and connect to remote devices simply and securely. This rule is triggered when
a pcAnywhere server response on port 5632 is detected.
Signature ID: 25039
SMTP relaying denied
Threat Level: Information
Signature Description: This rule hits when an unauthorised attempt is made to use the mail service or to relay
mail. Attackers use this technique to gather information about the mail server. A successful attempt on the server may
disclose server details to the attacker or unauthorised user. This rule may also hit on improper use of the SMTP server.
Signature ID: 25040
HP JetDirect LCD modification attempt
Threat Level: Information
Bugtraq: 2245 Nessus: 10103
Signature Description: HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display
on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. The
ability to modify the display could be used in some sort of "social engineering" scheme for gathering more information
about the target victim. This attempt works on port 9100 via TCP.
Signature ID: 25041
HP JetDirect LCD modification attempt
Threat Level: Information
Industry ID: CVE-10103 Bugtraq: 2245
Signature Description: HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display
on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. The
ability to modify the display could be used in some sort of "social engineering" scheme for gathering more information
about the target victim. This attempt works on ports 9000-9002 via TCP.
Signature ID: 25043
Large ICMP Packet
Threat Level: Information
Signature Description: ICMP is used to pass an error message between two hosts or between a host and a network device such
as a router. This event is generated when a large ICMP packet is detected. Also known as the Ping of Death.