Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Sweep Engines
Table B-37 Sweep Engine Parameters (continued)

| Parameter | Description | Value |
|---|---|---|
| specify-icmp-type {yes \| no} | (Optional) Enables the ICMP header type:<br>• icmp-type—Specifies the value of the ICMP header TYPE. | 0 to 255 |
| specify-port-range {yes \| no} | (Optional) Enables using a port range for inspection:<br>• port-range—Specifies the UDP port range used in inspection. | 0 to 65535<br>a-b[,c-d] |
| fragment-status | Specifies whether fragments are wanted or not:<br>• Any fragment status<br>• Do not inspect fragments<br>• Inspect fragments | any<br>no-fragments<br>want-fragments |
| inverted-sweep | Uses source port instead of destination port for unique counting. | true \| false |
| mask | Specifies the mask used in TCP flags comparison:<br>• URG bit<br>• ACK bit<br>• PSH bit<br>• RST bit<br>• SYN bit<br>• FIN bit | urg<br>ack<br>psh<br>rst<br>syn<br>fin |
| storage-key | Specifies the type of address key used to store persistent data:<br>• Attacker address<br>• Attacker and victim addresses<br>• Attacker address and victim port | Axxx<br>AxBx<br>Axxb |
| suppress-reverse | Does not fire when a sweep has fired in the reverse direction on this address set. | true \| false |
| swap-attacker-victim | Swaps the attacker and victim addresses and ports (source and destination) in the alert message and in any actions taken. | true \| false (default) |
| tcp-flags | Specifies the TCP flags to match when masked by mask:<br>• URG bit<br>• ACK bit<br>• PSH bit<br>• RST bit<br>• SYN bit<br>• FIN bit | urg<br>ack<br>psh<br>rst<br>syn<br>fin |
| unique | Specifies the threshold number of unique port connections between the two hosts. | 0 to 65535 |
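
The following is an added example, not taken from the Cisco guide and not Cisco's implementation: a small Python model of how mask, tcp-flags, unique, and inverted-sweep from Table B-37 interact when state is keyed as storage-key AxBx. The function names, the firing rule (the count reaching unique), the absence of state expiry, and the packet tuples are assumptions constructed for illustration.

```python
# Illustrative model of Sweep engine parameters from Table B-37.
# Not Cisco's implementation; all packet tuples are constructed sample data.
from collections import defaultdict

# Standard TCP header flag bit values.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

def flag_bits(names):
    """Convert flag names such as ["syn", "ack"] to a TCP flags bitmask."""
    bits = 0
    for name in names:
        bits |= FLAG_BITS[name]
    return bits

def sweep_alerts(packets, mask, tcp_flags, unique, inverted_sweep=False):
    """Return (attacker, victim) pairs whose unique-port count reaches `unique`.

    packets: iterable of (src_ip, src_port, dst_ip, dst_port, flags_byte).
    State is keyed like storage-key AxBx (attacker and victim addresses).
    Assumption: fire when the count reaches the threshold; no expiry modelled.
    """
    m, want = flag_bits(mask), flag_bits(tcp_flags)
    seen = defaultdict(set)    # (attacker, victim) -> ports counted so far
    fired = []
    for src, sport, dst, dport, flags in packets:
        if (flags & m) != want:    # only the bits selected by mask are compared
            continue
        key = (src, dst)
        # inverted-sweep counts source ports instead of destination ports
        seen[key].add(sport if inverted_sweep else dport)
        if len(seen[key]) >= unique and key not in fired:
            fired.append(key)
    return fired

# Constructed sample: one host sends SYN-only packets to five ports on a
# victim; a second host sends ordinary ACK traffic to a single port.
SAMPLE = [("192.0.2.10", 40000 + i, "198.51.100.5", port, 0x02)
          for i, port in enumerate([21, 22, 23, 80, 443])]
SAMPLE += [("192.0.2.20", 50000, "198.51.100.5", 443, 0x10)] * 6

if __name__ == "__main__":
    print(sweep_alerts(SAMPLE, mask=["syn", "ack", "fin", "rst"],
                       tcp_flags=["syn"], unique=5))
```

Bits left out of mask are ignored in the comparison, so mask=syn with tcp-flags=syn also matches SYN+ACK packets, while mask=syn,ack with tcp-flags=syn matches only packets with SYN set and ACK clear.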