Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

B-66

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Appendix B Signature Engines

String XL Engines

For More Information

• For an example custom String engine signature, see Example String TCP Engine Signature,

page 8-41.

• For more information on the parameters common to all signature engines, see Master Engine,

page B-4.

String XL Engines

Note The IPS 4345, IPS 4360, IPS 4510, IPS 4520, ASA 5525-X IPS SSP, ASA 5545-X IPS SSP,

ASA 5555-X IPS SSP, and ASA 5585-X IPS SSP support the String XL engines and the Regex

accelerator card.

The String XL engines do the same thing as the other String engines—provide a matching capability of

one string per signature—but they use a different Regex syntax.The String TCP XL engine is

stream-based and uses cross-packet inspection (XPI). The packets must be in order. UDP and ICMP are

both stateless, thus the String UDP XL and String ICMP XL signature engines require no session state

to be allocated and so each packet is a separate search.

The Regex accelerator card is used for both the standard String engines and the String XL engines. Most

standard String engine signatures can be compiled and analyzed by the Regex accelerator card without

modification. However, there are special circumstances in which the standard String engine signatures

cannot be compiled for the Regex accelerator card. In these situations a new signature is written in a

String XL engine using the specific parameters in the String XL engine that do compile on the Regex

accelerator card. The new signature in the String XL engine obsoletes the original signature in the

standard String engine.

Although you can use regular expression syntax or raw expression syntax, raw expression syntax is for

expert users only. When configuring String XL signatures, the regex-string parameter is required unless

you are using raw expression syntax.

Note Raw Regex is regular expression syntax used for raw mode processing. It is expert mode only and

targeted for use by the Cisco IPS signature development team or only those who are under supervision

by the Cisco IPS signature development team. You can configure a String XL signature in either regular

Regex or raw Regex.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems IPS 7.1 Home Security System User Manual