- Cisco Home Security System User's Manual

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 7 Defining Signatures
Creating Custom Signatures
no—Removes an entry or selection setting.
regex-string—Specifies a regular expression to search for in a single TCP packet.
service-ports—Specifies the ports or port ranges where the target service may reside. The valid range is 0 to 65535. It is a comma-separated list of integer ranges a-b[,c-d] within 0 to 65535. The second number in the range must be greater than or equal to the first number.
specify-exact-match-offset {yes | no}—(Optional) Enables exact match offset:
    exact-match-offset—Specifies the exact stream offset the regular expression string must report for a match to be valid. The value is 0 to 65535.
specify-min-match-length {yes | no}—(Optional) Enables minimum match length:
    min-match-length—Specifies the minimum number of bytes the regular expression string must match. The value is 0 to 65535.
strip-telnet-options {true | false}—Strips the Telnet option characters from the data before the pattern is searched.
swap-attacker-victim {true | false}—Swaps the attacker and victim addresses and ports (source and destination) in the alert message and in any actions taken. The default is false.
Creating a String TCP Engine Signature
To create a signature based on the String TCP engine, follow these steps:
Step 1
Log in to the CLI using an account with administrator or operator privileges.
Step 2
Enter signature definition submode.
sensor# configure terminal
sensor(config)# service signature-definition sig1
Step 3
Specify a signature ID and subsignature ID for the signature. Custom signatures are in the range of 60000 to 65000.
sensor(config-sig)# signatures 60025 0
Step 4
Enter signature description submode.
sensor(config-sig-sig)# sig-description
Step 5
Specify a name for the new signature. You can also specify additional comments about the signature using the sig-comment command or additional information about the signature using the sig-string-info command.
sensor(config-sig-sig-sig)# sig-name This is my new name
Step 6
Exit signature description submode.
sensor(config-sig-sig-sig)# exit
Step 7
Specify the string TCP engine.
sensor(config-sig-sig)# engine string-tcp
Step 8
Specify the service ports.
sensor(config-sig-sig-str)# service-ports 23
Step 9
Specify the direction.
sensor(config-sig-sig-str)# direction to-service
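
The value rules given above (the service-ports syntax, the 0 to 65535 bounds, and the custom signature ID range in Step 3) can be checked before anything is typed into the CLI. The following Python pre-check is an added example, not part of the Cisco guide; the dict layout and the function names are assumptions made for this example.

```python
import re

LIMIT = 65535  # upper bound the page gives for ports, offsets and lengths
CUSTOM_SIG_IDS = range(60000, 65001)  # custom signature ID range from Step 3
_RANGE = re.compile(r"([0-9]+)(?:-([0-9]+))?")

def parse_service_ports(spec):
    """Parse 'a-b[,c-d]' into [(lo, hi), ...]; raise ValueError if invalid."""
    ranges = []
    for part in spec.split(","):
        m = _RANGE.fullmatch(part.strip())
        if not m:
            raise ValueError(f"malformed range {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo  # single port, as in 'service-ports 23'
        if hi < lo:
            raise ValueError(f"{part!r}: second number is less than the first")
        if hi > LIMIT:
            raise ValueError(f"{part!r}: outside 0-{LIMIT}")
        ranges.append((lo, hi))
    return ranges

def port_covered(spec, port):
    """True if the signature's service-ports value includes this TCP port."""
    return any(lo <= port <= hi for lo, hi in parse_service_ports(spec))

def lint_signature(sig):
    """Return the problems found in a dict of signature settings (hypothetical format)."""
    problems = []
    if sig["sig-id"] not in CUSTOM_SIG_IDS:
        problems.append("sig-id: outside the custom range 60000-65000")
    try:
        parse_service_ports(sig["service-ports"])
    except ValueError as exc:
        problems.append(f"service-ports: {exc}")
    for key in ("exact-match-offset", "min-match-length"):  # both optional
        value = sig.get(key)
        if value is not None and not 0 <= value <= LIMIT:
            problems.append(f"{key}: must be 0 to {LIMIT}")
    return problems

# Constructed sample inputs, not taken from a real sensor.
GOOD = {"sig-id": 60025, "service-ports": "23", "min-match-length": 4}
BAD = {"sig-id": 1200, "service-ports": "8080-80,443", "exact-match-offset": 70000}

if __name__ == "__main__":
    for name, sig in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_signature(sig) or "ok")
```
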