Cisco Systems IPS 7.1 Home Security System User Manual


  Open as PDF
of 1042
 
B-69
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Sweep Engines
Unsupported String XL Parameters
Although you see the end-optional and specify-max-stream-length parameters in the String XL engine,
they are disabled in IPS 7.1(1)E4. You receive an error message if you try to configure them. For
example, here is the error message you receive after you create a signature using
specify-max-stream-length and then try to save it:
Apply Changes?[yes]: yes
Error: string-xl-tcp 60003.0 : Maximum Stream Length is currently not supported.
Please don't use this option.
The configuration changes failed validation, no changes were applied.
Would you like to return to edit mode to correct the errors? [yes]:
For More Information
For more information on the parameters common to all signature engines, see Master Engine,
page B-4
For example String XL engine signatures, see Example String XL TCP Engine Match Offset
Signature, page 8-52 and Example String XL TCP Engine Minimum Match Length Signature,
page 8-55.
Sweep Engines
This section describes the Sweep engines, and contains the following topics:
Sweep Engine, page B-69
Sweep Other TCP Engine, page B-72
Sweep Engine
The Sweep engine analyzes traffic between two hosts or from one host to many hosts. You can tune the
existing signatures or create custom signatures. The Sweep engine has protocol-specific parameters for
ICMP, UDP, and TCP.
strip-telnet-options Strips the Telnet option characters from the data
before the pattern is searched.
2
true | false
(default)
swap-attacker-victim True if address (and ports) source and destination
are swapped in the alert message. False for no
swap (default).
true| false
(default)
utf8 Treats all legal UTF-8 byte sequences in the
expression as a single character.
true | false
(default)
1. The second number in the range must be greater than or equal to the first number.
2. This parameter is primarily used as an IPS anti-evasion tool.
Table B-36 String XL Engine Parameters (continued) (continued)
Parameter Description Value
 previous next