TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 35325
Cisco IOS SNMP Message Processing vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0714 Bugtraq: 10186
Signature Description: The Simple Network Management Protocol (SNMP) defines a standard mechanism for remote
management and monitoring of devices in an Internet Protocol (IP) network. A device or host that supports SNMP is an
SNMP entity. There are two classes of SNMP entities: SNMP managers that request information and receive
unsolicited messages and SNMP agents that respond to requests and send unsolicited messages. There are two classes of
SNMP operations: solicited operations such as 'get' or 'set', with which the SNMP manager requests or changes the
value of a managed object on an SNMP agent; and unsolicited operations such as 'trap' or 'inform' messages with which
the SNMP agent provides an unsolicited notification or alarm message to the SNMP manager. Cisco IOS is the
operating system used on the vast majority of Cisco Systems routers and all current Cisco network switches. Cisco
IOS 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly
chosen UDP port), which allows remote attackers to cause a denial of service through device reload and memory
corruption. This signature detects SNMPv3 attack vectors sent to the randomly chosen UDP port.
Signature ID: 35326
Cisco IOS Crafted IP Option Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0480 Bugtraq: 22211
Signature Description: The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched
internetwork using the TCP/IP suite of protocols. Internet Protocol version 4 (IPv4) is the fourth iteration of the
Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. IPv4 is the dominant network
layer protocol on the Internet. The creators of IPv4 included the ability to add options that provide additional flexibility
in how IP handles datagrams. The IP datagram may contain zero or more options, which makes the total length of the
Options field in the IP header variable. Cisco IOS is the operating system used on the vast majority of Cisco Systems
routers and all current Cisco network switches. A vulnerability exists in the way Cisco IOS processes a number of
different types of IPv4 packets containing a specially crafted IP option. Successful exploitation of this vulnerability
may allow an attacker to execute arbitrary code on an affected device or create a denial-of-service condition. This
signature detects attack vectors on ICMP - Echo (Type 8) - 'ping'.
Signature ID: 35332
Cisco IOS Crafted IP Option Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0480 Bugtraq: 22211
Signature Description: The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched
internetwork using the TCP/IP suite of protocols. Internet Protocol version 4 (IPv4) is the fourth iteration of the
Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. IPv4 is the dominant network
layer protocol on the Internet. The creators of IPv4 included the ability to add options that provide additional flexibility
in how IP handles datagrams. The IP datagram may contain zero or more options, which makes the total length of the
Options field in the IP header variable. Cisco IOS is the operating system used on the vast majority of Cisco Systems
routers and all current Cisco network switches. A vulnerability exists in the way Cisco IOS processes a number of
different types of IPv4 packets containing a specially crafted IP option. Successful exploitation of this vulnerability
may allow an attacker to execute arbitrary code on an affected device or create a denial-of-service condition. This
signature detects attack vectors on URL Rendezvous Directory (URD - TCP port 465) packets.