Filter
Top Products
B-53
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Service Engines
Table B-25 lists the parameters specific to the Service MSSQL engine.
For More Information
For more information on the parameters common to all signature engines, see Master Engine, page B-4.
Service NTP Engine
The Service NTP engine inspects NTP protocol. There is one NTP signature, the NTP readvar overflow
signature, which fires an alert if a readvar command is seen with NTP data that is too large for the NTP
service to capture. You can tune this signature and create custom signatures based on NTP protocol
values, such as mode and size of control packets.
Table B-26 lists the parameters specific to the Service NTP engine.
Table B-25 Service MSSQL Engine Parameters
Parameter Description Value
password-present Specifies whether or not a password was used in an MS SQL
login.
true | false
specify-sql-username (Optional) Enables using an SQL username:
• sql-username—Specifies the username (exact match) of
user logging in to MS SQL service.
sa
Table B-26 Service NTP Engine Parameters
Parameter Description Value
inspection-type Specifies the type of inspection to perform. inspect-ntp-packets
is-invalid-data-packet
is-non-ntp-traffic
inspect-ntp-packets Enables inspection of NTP packets:
• control-opcode—Specifies the opcode
number of an NTP control packet according
to RFC1305, Appendix B.
• max-control-data-size—Specifies the
maximum allowed amount of data sent in a
control packet.
• mode—Specifies the mode of operation of
the NTP packet per RFC 1305.
0 to 65535
is-invalid-data-packet Enables inspection of invalid NTP data packets
and checks the structure of the NTP data packet
to make sure it is the correct size.
—
is-non-ntp-traffic Enables the inspection of nonNTP packets on an
NTP port.
—