Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 145

Chapter 7
Defining Signatures
Configuring the Mode for TCP Stream Reassembly
Use the stream-reassembly command in the signature definition submode to configure the mode that the sensor will use to reassemble TCP sessions.

The following options apply:

tcp-3-way-handshake-required [true | false]—Specifies that the sensor should only track sessions for which the 3-way handshake is completed.
    The default is true.
tcp-reassembly-mode—Specifies the mode the sensor should use to reassemble TCP sessions.
    strict—Only allows the next expected in the sequence.
    loose—Allows gaps in the sequence.
    asym—Allows asymmetric traffic to be reassembled.
    The default is strict.

Caution
The asymmetric option disables TCP window evasion checking.

To configure the TCP stream reassembly parameters, follow these steps:

Step 1
Log in to the CLI using an account with administrator or operator privileges.

Step 2
Enter TCP stream reassembly submode:
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# stream-reassembly

Step 3
Specify that the sensor should only track sessions for which the 3-way handshake is completed:
sensor(config-sig-str)# tcp-3-way-handshake-required true

Step 4
Specify the mode the sensor should use to reassemble TCP sessions:
sensor(config-sig-str)# tcp-reassembly-mode strict

Step 5
Verify the settings:
sensor(config-sig-str)# show settings
   stream-reassembly
   -----------------------------------------------
      tcp-3-way-handshake-required: true default: true
      tcp-reassembly-mode: strict default: strict
   -----------------------------------------------
sensor(config-sig-str)#

Step 6
Exit TCP reassembly submode:
sensor(config-sig-str)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:

Step 7
Press Enter to apply the changes or type no to discard them.

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
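The verification in Step 5 can be scripted when many sensors have to be checked. The following is an added example, not part of the Cisco guide: it parses captured show settings output in the layout shown on this page and reports values that differ from the default. The function names and the second sample capture are assumptions constructed for illustration.

```python
import re

# Matches lines such as "tcp-reassembly-mode: strict default: strict".
SETTING_RE = re.compile(r"^\s*([a-z0-9-]+):\s*(\S+)\s+default:\s*(\S+)\s*$")

# Why a non-default value matters, using only what this page states.
NOTES = {
    ("tcp-reassembly-mode", "asym"): "TCP window evasion checking is disabled",
    ("tcp-reassembly-mode", "loose"): "gaps in the sequence are allowed",
    ("tcp-3-way-handshake-required", "false"):
        "tracking is not limited to sessions with a completed 3-way handshake",
}
EXPECTED = ("tcp-3-way-handshake-required", "tcp-reassembly-mode")

def parse_stream_reassembly(text):
    """Return {setting: (value, default)} from the stream-reassembly block."""
    settings, in_block = {}, False
    for line in text.splitlines():
        if line.strip() == "stream-reassembly":
            in_block = True
        elif in_block:
            m = SETTING_RE.match(line)
            if m:
                settings[m.group(1)] = (m.group(2), m.group(3))
    return settings

def audit(text):
    """List missing settings and values that differ from the reported default."""
    settings = parse_stream_reassembly(text)
    findings = [f"{n}: not present in output" for n in EXPECTED if n not in settings]
    for name, (value, default) in settings.items():
        if value != default:
            note = NOTES.get((name, value), "non-default value")
            findings.append(f"{name}={value} (default {default}): {note}")
    return findings

# Output as shown in Step 5 on this page.
PAGE_OUTPUT = """sensor(config-sig-str)# show settings
   stream-reassembly
   -----------------------------------------------
      tcp-3-way-handshake-required: true default: true
      tcp-reassembly-mode: strict default: strict
   -----------------------------------------------
sensor(config-sig-str)#"""

# Constructed sample (assumed layout for non-default values), not from the guide.
CONSTRUCTED_WEAK = PAGE_OUTPUT.replace("required: true", "required: false").replace(
    "mode: strict", "mode: asym")

if __name__ == "__main__":
    for label, capture in (("page", PAGE_OUTPUT), ("constructed", CONSTRUCTED_WEAK)):
        print(label, audit(capture) or "defaults in place")
```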