Filter
Top Products
7-38
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 7 Defining Signatures
Configuring Signatures
The following options apply:
•
tcp-3-way-handshake-required [true | false]—Specifies that the sensor should only track sessions
for which the 3-way handshake is completed. The default is true.
•
tcp-reassembly-mode—Specifies the mode the sensor should use to reassemble TCP sessions:
–
strict—Only allows the next expected in the sequence (default).
–
loose—Allows gaps in the sequence.
–
asym—Allows asymmetric traffic to be reassembled.
Caution
The asymmetric option disables TCP window evasion checking.
Configuring the TCP Stream Reassembly Parameters
To configure the TCP stream reassembly parameters, follow these steps:
Step 1
Log in to the CLI using an account with administrator or operator privileges.
Step 2
Enter TCP stream reassembly submode.
sensor# configure terminal
sensor(config)# service signature-definition sig1
sensor(config-sig)# stream-reassembly
Step 3
Specify that the sensor should only track session for which the 3-way handshake is completed.
sensor(config-sig-str)# tcp-3-way-handshake-required true
Step 4
Specify the mode the sensor should use to reassemble TCP sessions.
sensor(config-sig-str)# tcp-reassembly-mode strict
Step 5
Verify the settings.
sensor(config-sig-str)# show settings
stream-reassembly
-----------------------------------------------
tcp-3-way-handshake-required: true default: true
tcp-reassembly-mode: strict default: strict
-----------------------------------------------
sensor(config-sig-str)#
Step 6
Exit signature definition submode.
sensor(config-sig-str)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 7
Press Enter to apply the changes or enter
no
to discard them.
For More Information
For information on asymmetric inspection options for sensors configured in inline mode, see Inline TCP
Session Tracking Mode, page 5-3 and Adding, Editing, and Deleting Virtual Sensors, page 5-4.