Cisco Systems IPS 7.1 Home Security System User Manual


  Open as PDF
of 1042
 
B-3
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Understanding Signature Engines
HTTP V2—Supports IOS IPS. This signature engine provides a protocol decode engine tuned
for IOS IPS. If you try to use this engine, you receive an error message.
IDENT—Inspects IDENT (client and server) traffic.
MSRPC—Inspects MSRPC traffic.
MSSQL—Inspects Microsoft SQL traffic.
NTP—Inspects NTP traffic.
P2P—Inspects P2P traffic.
RPC—Inspects RPC traffic.
SMB Advanced—Processes Microsoft SMB and Microsoft DCE/RPC (MSRPC) over SMB
packets.
Note The SMB engine has been replaced by the SMB Advanced engine. Even though the
SMB engine is still visible in IDM, IME, and the CLI, its signatures have been
obsoleted; that is, the new signatures have the obsoletes parameter set with the IDs of
their corresponding old signatures. Use the new SMB Advanced engine to rewrite any
custom signature that were in the SMB engine.
SMPT V1—Supports IOS IPS.
This signature engine provides a protocol decode engine tuned for IOS IPS. If you try to use
this engine, you receive an error message.
SNMP—Inspects SNMP traffic.
SSH—Inspects SSH traffic.
TNS—Inspects TNS traffic.
State—Conducts stateful searches of strings in protocols such as SMTP. The state engine has a
hidden configuration file that is used to define the state transitions so new state definitions can be
delivered in a signature update.
String—Searches on Regex strings based on ICMP, TCP, or UDP protocol. There are three String
engines: String ICMP, String TCP, and String UDP.
String XL—Searches on Regex strings based on ICMP, TCP, or UDP protocol.The String XL
engines provide optimized operation for the Regex accelerator card. There are three String engines:
String ICMP XL, String TCP XL, and String UDP XL.
Note The IPS 4345, IPS 4360, IPS 4510, IPS 4520, ASA 5525-X IPS SSP,
ASA 5545-X IPS SSP, ASA 5555-X IPS SSP, and ASA 5585-X IPS SSP support the
String XL engines and the Regex accelerator card.
 previous next