ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 31385
Malware Web Sony DRM Reporting 1
Threat Level: Severe
Signature Description: Whenever a user plays an affected XCP CD, and whenever the user browses within certain sections
of the bundled player, the player sends a message to Sony's connected.sonymusic.com server. A "uId" parameter in the
request identifies the CD being played and the specific section of the player in use. This event indicates malware
traffic from infected systems on the Local Area Network (LAN). The systems are directed to a site that is capable of
installing further malware on them. Malware of this kind is software that reports the user's activity to external sites.
Signature ID: 31386
Malware Web Sony DRM Reporting 2
Threat Level: Severe
Signature Description: Whenever a user plays an affected XCP CD, and whenever the user browses within certain sections
of the bundled player, the player sends a message to Sony's connected.sonymusic.com server. This event indicates malware
traffic from infected systems on the Local Area Network (LAN). The systems are directed to a site that is capable of
installing further malware on them. Malware of this kind is software that reports the user's activity to external sites.
This signature triggers when an outbound request from a user system to the "connected.sonymusic.com" server carries the
User-Agent "SecureNet Xtra".
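The two Sony DRM signatures above match on the same destination host but on different request attributes: signature 31385 on the "uId" query parameter and signature 31386 on the "SecureNet Xtra" User-Agent. The following is an added example, not code from this guide or from the TMS zl module, of how a sensor would apply both checks to reassembled HTTP request heads. The request paths and the uId values in the samples are constructed, and the samples include a proxy-style absolute-form request and a mixed-case Host header so the matcher is not fooled by either.

```python
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import parse_qs, urlsplit

# Match criteria taken from the signature descriptions above.
SONY_HOST = "connected.sonymusic.com"
SONY_AGENT = "SecureNet Xtra"


def parse_request_head(raw: str) -> Optional[Dict]:
    """Parse an HTTP/1.x request head into host, path, query and lower-cased headers.

    Accepts both origin-form targets (/path?q=1) and absolute-form targets
    (http://host:port/path?q=1) as sent to a forward proxy.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line; nothing for these signatures to match
    method, target, _version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # urlsplit().hostname is only set for absolute-form targets; fall back to the Host header
    # and drop any :port suffix so "connected.sonymusic.com:80" still matches.
    host = (url.hostname or headers.get("host", "")).split(":")[0].lower()
    return {"method": method, "host": host, "path": url.path,
            "query": parse_qs(url.query), "headers": headers}


def match_sony_drm(raw: str) -> Set[int]:
    """Return the set of signature IDs (31385, 31386) that the request triggers."""
    req = parse_request_head(raw)
    if req is None or req["host"] != SONY_HOST:
        return set()  # both signatures are scoped to the Sony reporting host
    hits: Set[int] = set()
    if "uId" in req["query"]:
        hits.add(31385)  # CD / player-section identifier being reported
    if SONY_AGENT.lower() in req["headers"].get("user-agent", "").lower():
        hits.add(31386)  # XCP player's User-Agent
    return hits


# Constructed sample traffic (not captured data). Paths and uId values are hypothetical.
SAMPLE_REQUESTS: List[str] = [
    "GET /report?uId=XCP-0001 HTTP/1.1\r\nHost: connected.sonymusic.com\r\n"
    "User-Agent: SecureNet Xtra\r\n\r\n",
    "GET http://connected.sonymusic.com:80/report?uId=XCP-0002 HTTP/1.0\r\n"
    "User-Agent: Mozilla/4.0\r\n\r\n",
    "GET /other HTTP/1.1\r\nhost: Connected.SonyMusic.com\r\nUser-Agent: SecureNet Xtra\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: SecureNet Xtra\r\n\r\n",
]


def scan(requests: List[str]) -> List[Tuple[int, List[int]]]:
    """Run both signatures over a list of request heads; returns (index, sorted hit IDs) per request."""
    return [(i, sorted(match_sony_drm(r))) for i, r in enumerate(requests)]


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_REQUESTS):
        print(f"request {idx}: {hits or 'no match'}")
```

The fourth sample shows why the host check matters: a bare User-Agent match on "SecureNet Xtra" to any destination would be a weaker, noisier rule than the host-scoped signature the guide describes.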
Signature ID: 31548
BOTNET HTTP Botnet reg
Threat Level: Warning
Signature Description: A botnet is a collection of software robots, or bots, that run autonomously. The botnet's originator
can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Depending on the
attacker's skills, the process starts either by editing known bots available on Internet warez sites or by writing new
code. The primary configurable components are the IRC server the bot will connect to once installed on the victim
machine, the remote IRC TCP service port to connect to, the private channel name to join, and the password or key that
authenticates the bot's access to that private channel. Additionally, depending on the specific bot used, the attacker
may change the location and name of the file placed in a directory on the infected machine. The attacker may further
choose dynamic or multiple channels for the bots to join, so as to maintain access to the botnet army in case they are
banned from a specific IRC server. To achieve this, attackers generally use service providers such as dyndns.com or
no-ip.com to map a dynamic IP address to the IRC server name that the bots join. The most serious preventative measures
use rate-based intrusion prevention systems implemented with specialized hardware.
Signature ID: 31549
BOTNET BwB Botnet Checkin
Threat Level: Warning
Signature Description: A botnet is a collection of software robots, or bots, that run autonomously. The botnet's originator
can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Depending on the
attacker's skills, the process starts either by editing known bots available on Internet warez sites or by writing new
code. The primary configurable components are the IRC server the bot will connect to once installed on the victim
machine, the remote IRC TCP service port to connect to, the private channel name to join, and the password or key that
authenticates the bot's access to that private channel. Additionally, depending on the specific bot used, the attacker
may change the location and name of the file placed in a directory on the infected machine. The attacker may further
choose dynamic or multiple channels for the bots to join, so as to maintain access to the botnet army in case they are
banned from a specific IRC server. To achieve this, attackers generally use service providers such as dyndns.com or
no-ip.com to map a dynamic IP address to the IRC server name that the bots join. The most serious preventative measures
use rate-based intrusion prevention systems implemented with specialized hardware.
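The descriptions of signatures 31548 and 31549 list the configurable traits of an IRC-controlled bot: a server reached through a dynamic DNS name (dyndns.com, no-ip.com), an arbitrary TCP port, and a private channel protected by a key or password. The following is an added example, not code from this guide or from the TMS zl module, that turns those traits into a simple per-flow scorer over client-to-server IRC lines. The flow records, hostnames, nicknames and channel names are constructed for the example; the port list and the set of dynamic DNS domains are assumptions taken from the text and would be extended in a real deployment.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Ports on which IRC is expected; anything else carrying IRC commands is suspicious (assumption).
IRC_STANDARD_PORTS = {6667, 6697}
# Dynamic DNS providers named in the signature description.
DYNDNS_DOMAINS = ("dyndns.com", "no-ip.com")
# Client-to-server commands that mark a stream as IRC.
IRC_CLIENT_COMMANDS = {"NICK", "USER", "JOIN", "PASS", "PRIVMSG", "PONG"}


@dataclass
class Flow:
    src: str                 # internal client address
    dst_host: str            # server name the client resolved, or its raw IP
    dst_port: int
    client_lines: List[str]  # client-to-server lines reassembled from the TCP stream


def parse_irc_line(line: str) -> Tuple[str, List[str]]:
    """Split one IRC line into (COMMAND, params), honouring an optional ':' prefix and trailing param."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):            # ":prefix COMMAND ..." -> drop the prefix
        _, _, line = line.partition(" ")
    if " :" in line:                    # trailing parameter may contain spaces
        head, _, trailing = line.partition(" :")
        params = head.split() + [trailing]
    else:
        params = line.split()
    if not params:
        return "", []
    return params[0].upper(), params[1:]


def under_domain(host: str, domains: Tuple[str, ...]) -> bool:
    """True if host equals or is a subdomain of one of domains (avoids matching 'notno-ip.com')."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def score_flow(flow: Flow) -> Tuple[int, List[str]]:
    """Score a flow by the number of bot-like IRC traits observed; returns (score, reasons)."""
    cmds = [parse_irc_line(l) for l in flow.client_lines]
    if not any(c in IRC_CLIENT_COMMANDS for c, _ in cmds):
        return 0, []                    # not IRC at all; nothing to say about it
    reasons: List[str] = []
    if flow.dst_port not in IRC_STANDARD_PORTS:
        reasons.append(f"IRC commands on non-standard TCP port {flow.dst_port}")
    if under_domain(flow.dst_host, DYNDNS_DOMAINS):
        reasons.append(f"IRC server name under a dynamic DNS provider: {flow.dst_host}")
    for cmd, params in cmds:
        if cmd == "PASS":
            reasons.append("server password (PASS) supplied")
        elif cmd == "JOIN" and len(params) >= 2:
            reasons.append(f"keyed join to private channel {params[0]}")
    return len(reasons), reasons


def triage(flows: List[Flow], threshold: int = 2) -> List[str]:
    """Return source addresses whose IRC flow shows at least `threshold` bot-like traits."""
    return [f.src for f in flows if score_flow(f)[0] >= threshold]


# Constructed sample flows (not captured data); hostnames and channel names are hypothetical.
BOT_FLOW = Flow("10.0.0.5", "botarmy.no-ip.com", 1863,
                ["NICK USA|00123", "USER x 0 * :x", "JOIN #priv s3cr3t"])
USER_FLOW = Flow("10.0.0.7", "irc.example.org", 6697,
                 ["NICK alice", "USER alice 0 * :Alice", "JOIN #python"])
WEB_FLOW = Flow("10.0.0.9", "www.example.com", 80, ["GET / HTTP/1.1", "Host: www.example.com"])
SAMPLE_FLOWS = [BOT_FLOW, USER_FLOW, WEB_FLOW]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        score, reasons = score_flow(flow)
        print(f"{flow.src} -> {flow.dst_host}:{flow.dst_port} score={score} {reasons}")
    print("flagged:", triage(SAMPLE_FLOWS))
```

A single trait (for example an ordinary user on a keyed channel) does not cross the default threshold; it takes the combination the description outlines, such as a dynamic DNS server name plus an odd port plus a keyed private channel, to flag a host, which keeps the rule from firing on legitimate IRC use.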