Filter
Top Products
8-51
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Creating Custom Signatures
Example IPv6 Engine Signature
Caution A custom signature can affect the performance of your sensor. Test the custom signature against a
baseline sensor performance for your network to determine the overall impact of the signature.
The following example Atomic IP Advanced custom signature prohibits Protocol ID 88 over IPv6.
To create a signature based on the Atomic IP Advanced signature engine, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Step 2 Enter signature definition submode.
sensor# configure terminal
sensor(config)# service signature-definition sig0
Step 3 Specify a signature ID and a subsignature ID for the signature. Custom signatures are in the range of
60000 to 65000.
sensor(config-sig)# signatures 60000 0
Step 4 Specify the signature engine.
sensor(config-sig-sig)# engine atomic-ip-advanced
Step 5 Specify the IP version.
sensor(config-sig-sig-ato)# specify-ip-version yes
Step 6 Specify IPv6.
sensor(config-sig-sig-ato-yes)# version ipv6
Step 7 Specify the L4 protocol.
sensor(config-sig-sig-ato-yes-ipv)# exit
sensor(config-sig-sig-ato-yes)# exit
sensor(config-sig-sig-ato)# specify-l4-protocol yes
Step 8 Specify protocol ID 88.
sensor(config-sig-sig-ato-yes)# l4-protocol other-protocol
sensor(config-sig-sig-ato-yes-oth)# other-ip-protocol-id 88
Step 9 Verify the settings.
sensor(config-sig-sig-ato-yes-oth)# show settings
other-protocol
-----------------------------------------------
other-ip-protocol-id: 88
-----------------------------------------------
sensor(config-sig-sig-ato-yes-oth)#
Step 10 Exit signature definition submode.
sensor(config-sig-sig-ato-yes-oth)# exit
sensor(config-sig-sig-ato-yes)# exit
sensor(config-sig-sig-ato)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes?[yes]: