Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

8-34

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 8 Defining Signatures

Configuring Signatures

1307 TCP Window Variation Fires when the right edge

of the recv window for

TCP moves to the right

(decreases).

TCP Idle Timeout

3600

Deny Connection Inline

Produce Alert

1308 TTL Evasion

Fires when the TTL seen

on one direction of a

session is higher than the

minimum that has been

observed.

TCP Idle Timeout

3600

Modify Packet Inline

1309 TCP Reserved Flags Set Fires when the reserved

bits (including bits used

for ECN) are set on the

TCP header.

TCP Idle Timeout

3600

Modify Packet Inline

Produce Alert

1311 TCP Packet Exceeds MSS Fires when a packet

exceeds the MSS that was

exchanged during the

three-way handshake.

TCP Idle Timeout

3600

Produce Alert

1312 TCP MSS Below Minimum Fires when the MSS

value in a packet

containing a SYN flag is

less that TCP Min MSS.

TCP Min MSS 400

(0-16000)

TCP Idle Timeout

3600

Modify Packet Inline

1313 TCP Max MSS Fires when the MSS

value in a packet

containing a SYN flag

exceed TCP Max MSS

TCP Max MSS1460

(0-16000)

Modify Packet Inline

disabled

1314 TCP Data SYN Fires when TCP payload

is sent in the SYN packet.

— Deny Packet Inline

disabled

1315 ACK Without TCP Stream Fires when an ACK

packet is sent that does

not belong to a stream.

— Produce Alert disabled

1317 Zero Window Probe Fires when a zero

window probe packet is

detected.

Modify Packet Inline

removes data from the

Zero Window Probe

packet.

Modify Packet Inline

1330

0 TCP Drop - Bad Checksum Fires when TCP packet

has bad checksum.

Modify Packet Inline

corrects the

checksum.

Deny Packet Inline

1330 1 TCP Drop - Bad TCP Flags Fires when TCP packet

has bad flag combination.

— Deny Packet Inline

1330 2 TCP Drop - Urgent Pointer With

No Flag

Fires when TCP packet

has a URG pointer and no

URG flag.

Modify Packet Inline

clears the pointer.

Modify Packet Inline

disabled

Table 8-6 TCP Stream Reassembly Signatures (continued)

Signature ID and Name Description

Parameter With

Default Value and

Range Default Actions

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems IPS 7.1 Home Security System User Manual