Filter
Top Products
B-55
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Service Engines
For More Information
• For more information on the parameters common to all signature engines, see Master Engine,
page B-4.
• For a list of the signature regular expression syntax, see Regular Expression Syntax, page B-9.
specify-regex-string {yes |
no}
(Optional) Enables using a regular expression string:
• specify-exact-match-offset—Enables the exact
match offset:
–
exact-match-offset—Specifies the exact
stream offset the regular expression string
must report for a match to be valid.
• specify-min-match-length—Enables the
minimum match length:
–
min-match-length—Specifies the minimum
number of bytes the regular expression
string must match.
0 to 65535
specify-is-spoof-src {yes |
no}
(Optional) Enables the spoof source address:
• is-spoof-src—Fires an alert when the source
address is 127.0.0.1.
true | false
specify-port-map-program
{yes | no}
(Optional) Enables the portmapper program:
• port-map-program—Specifies the program
number sent to the portmapper for this signature.
0 to 9999999999
specify-rpc-max-length
{yes | no}
(Optional) Enables RPC maximum length:
• rpc-max-length—Specifies the maximum
allowed length of the entire RPC message.
Note Lengths longer than what you specify fire an
alert.
0 to 65535
specify-rpc-procedure
{yes | no}
(Optional) Enables RPC procedure:
• rpc-procedure—Specifies the RPC procedure
number for this signature.
0 to 1000000
specify-rpc-program {yes |
no}
(Optional) Enables RPC program:
• rpc-program—Specifies the RPC program
number for this signature.
0 to 1000000
swap-attacker-victim Swaps the attacker and victim addresses and ports
(source and destination) in the alert message and in
any actions taken.
true| false(default)
1. The second number in the range must be greater than or equal to the first number.
Table B-27 Service RPC Engine Parameters (continued)
Parameter Description Value