B-31
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Fixed Engine
Table B-11 lists the parameters specific to the Fixed TCP engine.
specify-icmp-type {yes | no} (Optional) Enables inspection of the
Layer 4 ICMP header type:
• icmp-type—Specifies the value of the
ICMP header TYPE.
0 to 65535
swap-attacker-victim Swaps the attacker and victim addresses
and ports (source and destination) in the
alert message and in any actions taken.
false | true (default)
Table B-10 Fixed ICMP Engine Parameters (continued)
Parameter Description Value
Table B-11 Fixed TCP Engine Parameters
Parameter Description Value
direction Specifies the direction of traffic:
• Traffic from service port destined to
client port.
• Traffic from client port destined to
service port.
from-service
to-service
max-payload-inspect-length Specifies the maximum inspection depth
for the signature.
1 to 250
regex-string Specifies the regular expression to search
for in a single packet.
string
specify-exact-match-offset
{yes | no}
(Optional) Enables exact match offset:
• exact-match-offset—Specifies the
exact stream offset the regex-string
must report for a match to be valid.
0 to 65535
specify-min-match-length {yes
| no}
(Optional) Enables minimum match length:
• min-match-length—Specifies the
minimum number of bytes the
regex-string must match.
0 to 65535
exclude-service-ports {yes |
no}
Enables service ports for use:
• excluded-service-ports—Specifies a
comma-separated list of ports or port
ranges to exclude.
0 to 65535
1
a-b[,c-d]
1. The second number in the range must be greater than or equal to the first number.
swap-attacker-victim Swaps the attacker and victim addresses
and ports (source and destination) in the
alert message and in any actions taken.
false | true(default)