Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Service Engines
Table B-20 lists the parameters specific to the Service Generic engine.
For More Information
For more information on the parameters common to all signature engines, see Master Engine, page B-4.
For a list of the signature regular expression syntax, see Regular Expression Syntax, page B-9.
Table B-20 Service Generic Engine Parameters

Parameter: specify-dst-port {yes | no}
  Description: (Optional) Enables the destination port:
    dst-port—Specifies the destination port of interest for this signature.
  Value: 0 to 65535

Parameter: specify-ip-protocol {yes | no}
  Description: (Optional) Enables IP protocol:
    ip-protocol—Specifies the IP protocol this inspector should examine.
  Value: 0 to 255

Parameter: specify-payload-source {yes | no}
  Description: (Optional) Enables payload source inspection:
    payload-source—Specifies the payload source inspection for the following types:
      icmp-data   Inspects ICMP data
      l2-header   Inspects Layer 2 headers
      l3-header   Inspects Layer 3 headers
      l4-header   Inspects Layer 4 headers
      tcp-data    Inspects TCP data
      udp-data    Inspects UDP data
  Value: icmp-data, l2-header, l3-header, l4-header, tcp-data, udp-data

Parameter: specify-src-port {yes | no}
  Description: (Optional) Enables the source port:
    src-port—Specifies the source port of interest for this signature.
  Value: 0 to 65535

Parameter: specify-regex-string {yes | no}
  Description: Specifies the regular expression to look for when the policy type is Regex:
    regex-string—Specifies a regular expression to search for in a single TCP packet.
    (Optional) specify-min-match-length—Enables minimum match length for use:
      min-match-length—Specifies the minimum length of the Regex match required to constitute a match.
  Value: string (regex-string); 0 to 65535 (min-match-length)

Parameter: swap-attacker-victim
  Description: Swaps the attacker and victim addresses and ports (source and destination) in the alert message and in any actions taken.
  Value: true | false (default)
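
A proposed Service Generic parameter set can be checked against the ranges and nesting in Table B-20 before it is entered on a sensor. The Python below is an added example, not Cisco code or CLI syntax: the dictionary layout, `lint()` and `SAMPLE` are hypothetical, only Table B-20 parameters are checked, and treating an unset specify-* switch as `no` is an assumption.

```python
# Added example: lint a Service Generic parameter set against Table B-20.
# The dict layout and lint() are hypothetical, not Cisco IPS CLI or API.
RANGES = {"dst-port": (0, 65535), "src-port": (0, 65535),
          "ip-protocol": (0, 255), "min-match-length": (0, 65535)}
PAYLOAD_SOURCES = {"icmp-data", "l2-header", "l3-header", "l4-header",
                   "tcp-data", "udp-data"}
# specify-* switch -> the sub-parameter it enables (nesting as in the table).
GATES = {"specify-dst-port": "dst-port", "specify-src-port": "src-port",
         "specify-ip-protocol": "ip-protocol",
         "specify-payload-source": "payload-source",
         "specify-regex-string": "regex-string",
         "specify-min-match-length": "min-match-length"}


def lint(params):
    """Return a list of problems found in a {parameter: value} dict."""
    errors = []
    for gate, child in GATES.items():
        state = params.get(gate, "no")  # assumption: unset switch means no
        if state not in ("yes", "no"):
            errors.append(f"{gate}: must be yes or no")
        elif state == "yes" and child not in params:
            errors.append(f"{gate} is yes but {child} is not set")
        elif state == "no" and child in params:
            errors.append(f"{child} is set but {gate} is not yes")
    # min-match-length is nested under specify-regex-string in the table.
    if (params.get("specify-min-match-length") == "yes"
            and params.get("specify-regex-string") != "yes"):
        errors.append("specify-min-match-length needs specify-regex-string yes")
    for name, (low, high) in RANGES.items():
        value = params.get(name)
        if value is not None and not (isinstance(value, int)
                                      and low <= value <= high):
            errors.append(f"{name}: {value!r} outside {low} to {high}")
    source = params.get("payload-source")
    if source is not None and source not in PAYLOAD_SOURCES:
        errors.append(f"payload-source: {source!r} is not a listed type")
    regex = params.get("regex-string")
    if regex is not None and (not isinstance(regex, str) or not regex):
        errors.append("regex-string: must be a non-empty string")
    if params.get("swap-attacker-victim", False) not in (True, False):
        errors.append("swap-attacker-victim: must be true or false")
    return errors


# Constructed sample with three mistakes; pass it to lint() to list them.
SAMPLE = {"specify-dst-port": "yes", "dst-port": 70000, "ip-protocol": 6,
          "specify-payload-source": "yes", "payload-source": "l7-data"}
```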