TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 27000
BACKDOOR Remote PC Access D4
Threat Level: Information
Signature Description: This event indicates that an attempt has been made to connect to a host using the Remote PC
Access Server. This event may also be generated when an attacker uses Nessus to scan for Remote PC Access. Remote
PC is used to remotely administer hosts via the Internet. It offers complete control of the client machine via a TCP
connection. Login information is transmitted in clear text across a TCP connection, so the attacker could recover this
information by capturing a legitimate session. It may also be possible for an attacker to gain access by utilizing a brute
force attack to discover the password to connect.
Signature ID: 28003
Access to infectious site
Threat Level: Information
Signature Description: A compromised DNS server returns the following IP address for any hostname lookup in
.COM: 209.123.63.168. The IP address returns a simple HTML page with embedded URLs, which are capable of
dropping malware on your machine, so DO NOT browse to them.
Signature ID: 28004
Access to infectious site
Threat Level: Information
Signature Description: A compromised DNS server returns the following IP address for any hostname lookup in
.COM: 64.21.61.5. The IP address returns a simple HTML page with embedded URLs, which are capable of
dropping malware on your machine, so DO NOT browse to them.
Signature ID: 28005
Access to infectious site
Threat Level: Information
Signature Description: A compromised DNS server returns the following IP address for any hostname lookup in
.COM: 205.162.201.11. The IP address returns a simple HTML page with embedded URLs, which are capable of
dropping malware on your machine, so DO NOT browse to them.
Signature ID: 28006
Infectious site Access Vulnerability
Threat Level: Information
Signature Description: The systems are directed to a site that is capable of installing malware on them. A
malicious server poisons the entire .COM domain. It returns the following 3 IP addresses for any hostname lookup in
.COM: 209.123.63.168 / 64.21.61.5 / 205.162.201.11. The 3 IP addresses return a simple HTML page with the
following embedded URLs. These servers are capable of dropping malware on your machine, so DO NOT browse to
them: vparivalka.org/G7/anticheatsys.php?id=36381 AND find-it.web-search.la
Signature ID: 28007
MALWARE 180solutions Update Engine Access Vulnerability
Threat Level: Information
Signature Description: Malware is software that passes a user's activities to external sites. 180Solutions is a family
of malicious adware programs that can infect a system silently, installing itself in the background. It displays lots of
annoying pop-up and pop-under advertisements, slowing the victim's system and internet connection in the process.