Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Configuring Signatures
sensor(config-sig-sig-nor)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 9 Press Enter to apply the changes or enter no to discard them.
Configuring the Mode for TCP Stream Reassembly
Note: The parameters tcp-3-way-handshake-required and tcp-reassembly-mode only impact sensors
inspecting traffic in promiscuous mode, not inline mode. To configure asymmetric options for sensors
inspecting inline traffic, use the inline-TCP-evasion-protection-mode parameter.
Use the stream-reassembly command in the signature definition submode to configure the mode that
the sensor will use to reassemble TCP sessions. The following options apply:
- tcp-3-way-handshake-required [true | false]—Specifies that the sensor should only track sessions
  for which the 3-way handshake is completed. The default is true.
- tcp-reassembly-mode—Specifies the mode the sensor should use to reassemble TCP sessions:
    - strict—Only allows the next expected segment in the sequence (default).
    - loose—Allows gaps in the sequence.
    - asym—Allows asymmetric traffic to be reassembled.
Caution: The asymmetric option disables TCP window evasion checking.
Configuring the TCP Stream Reassembly Parameters
To configure the TCP stream reassembly parameters, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Step 2 Enter TCP stream reassembly submode.
sensor# configure terminal
sensor(config)# service signature-definition sig1
sensor(config-sig)# stream-reassembly
Step 3 Specify that the sensor should only track sessions for which the 3-way handshake is completed.
sensor(config-sig-str)# tcp-3-way-handshake-required true
Step 4 Specify the mode the sensor should use to reassemble TCP sessions.
sensor(config-sig-str)# tcp-reassembly-mode strict
Step 5 Verify the settings.
sensor(config-sig-str)# show settings
stream-reassembly
-----------------------------------------------
tcp-3-way-handshake-required: true default: true
tcp-reassembly-mode: strict default: strict
-----------------------------------------------
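
An added example, not part of the Cisco guide: a Python check that parses the show settings output from Step 5, reports stream-reassembly values that differ from their defaults, and attaches the caution above when the mode is asym. The sample output is constructed, and acceptance of a `<defaulted>` marker is an assumption about how the sensor prints values that were never set.

```python
import re

# Matches "name: value default: value" as printed by `show settings` on this page.
# "<defaulted>" is also accepted (assumption: printed for values left unset).
LINE = re.compile(r"^\s*([\w-]+):\s*(\S+)\s+(?:default:\s*(\S+)|(<defaulted>))\s*$")

# Constructed sample: stream-reassembly settings that drifted from the defaults.
SAMPLE = """\
stream-reassembly
-----------------------------------------------
tcp-3-way-handshake-required: false default: true
tcp-reassembly-mode: asym default: strict
-----------------------------------------------
"""

def parse_settings(text):
    """Return {parameter: (current, default)} from `show settings` output."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, value, default, defaulted = m.groups()
            settings[name] = (value, value if defaulted else default)
    return settings

def audit(text):
    """Return a list of findings for the stream-reassembly submode."""
    findings = []
    settings = parse_settings(text)
    for name in ("tcp-3-way-handshake-required", "tcp-reassembly-mode"):
        if name not in settings:
            findings.append(f"{name}: not present in output")
            continue
        value, default = settings[name]
        if value != default:
            findings.append(f"{name}: {value} (default {default})")
    # Per the Caution on this page, asym turns off TCP window evasion checking.
    if settings.get("tcp-reassembly-mode", ("",))[0] == "asym":
        findings.append("asym mode: TCP window evasion checking is disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because these two parameters only affect promiscuous-mode inspection, a clean result here says nothing about a sensor inspecting inline traffic.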