Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0, page B-6

• deny-packet-inline—Does not transmit this packet.
• log-attacker-packets—Starts IP logging of packets containing the attacker address (inline only).
• log-pair-packets—Starts IP logging of packets containing the attacker-victim address pair.
• log-victim-packets—Starts IP logging of packets containing the victim address.
• request-block-connection—Requests Network Access Controller to block this connection.
• request-block-host—Requests Network Access Controller to block this attacker host.
• request-snmp-trap—Sends request to NotificationApp to perform SNMP action.
• reset-tcp-connection—Sends TCP resets to hijack and terminate the TCP flow.
• modify-packet-inline—Modifies packet contents (inline only).

Note: Modify-packet-inline is a new feature from the inline normalizer. It scrubs the packet and corrects irregular issues such as bad checksum, out of range values, and other RFC violations.

AIC Engine
The AIC engine inspects HTTP web traffic and enforces FTP commands. This section describes the AIC engine and its parameters, and contains the following topics:
• Overview, page B-6
• AIC Engine Parameters, page B-7

Overview
The AIC engine defines signatures for deep inspection of web traffic. It also defines signatures that authorize and enforce FTP commands.
There are two AIC engines: AIC.HTTP and AIC.FTP.
The AIC engine has the following features:
• Web traffic:
  – RFC compliance enforcement
  – HTTP request method authorization and enforcement
  – Response message validation
  – MIME type enforcement
  – Transfer encoding type validation
  – Content control based on message content and type of data being transferred
  – URI length enforcement
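
The request-side checks in the web traffic list above (RFC conformance, request method authorization, URI length, transfer encoding and MIME type) can be pictured with a small Python inspector. This is an added example, not Cisco's code or signature syntax; the `POLICY` values, the `inspect_request` function and the sample requests are assumptions constructed for illustration.

```python
import re

# Hypothetical policy values for this example; they are not Cisco defaults.
POLICY = {
    "methods": {"GET", "HEAD", "POST"},
    "max_uri_len": 64,
    "transfer_encodings": {"chunked", "identity"},
    "mime_types": {"text/html", "application/json"},
}
TOKEN = rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+"  # HTTP token grammar
REQUEST_LINE = re.compile(rb"(" + TOKEN + rb") (\S+) HTTP/\d\.\d")
HEADER_LINE = re.compile(rb"(" + TOKEN + rb"):[ \t]*(.*?)[ \t]*")
# Constructed sample requests (not captured traffic).
SAMPLES = {
    "ok": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "trace": b"TRACE / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "long_uri": b"GET /" + b"a" * 100 + b" HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "upload": b"POST /up HTTP/1.1\r\nHost: example.test\r\n"
              b"Transfer-Encoding: gzip, chunked\r\n"
              b"Content-Type: application/x-msdownload\r\n\r\n",
    "malformed": b"GET  /  HTTP/1.1\r\n\r\n",
}


def inspect_request(raw, policy=POLICY):
    """Return the list of policy violations in one raw HTTP request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        return ["rfc: malformed request line"]  # nothing after it can be trusted
    method, uri = m.group(1).decode("ascii"), m.group(2)
    found = []
    if method not in policy["methods"]:
        found.append(f"method: {method} not authorized")
    if len(uri) > policy["max_uri_len"]:
        found.append(f"uri: length {len(uri)} exceeds {policy['max_uri_len']}")
    for line in lines[1:]:
        h = HEADER_LINE.fullmatch(line)
        if not h:  # includes folded or bare-LF header lines
            found.append("rfc: malformed header line")
            continue
        name, value = h.group(1).lower(), h.group(2).decode("latin-1").lower()
        if name == b"transfer-encoding":
            bad = [c.strip() for c in value.split(",") if c.strip() not in policy["transfer_encodings"]]
            found += [f"transfer-encoding: {c} not allowed" for c in bad]
        elif name == b"content-type":
            mime = value.split(";", 1)[0].strip()
            if mime not in policy["mime_types"]:
                found.append(f"mime: {mime} not allowed")
    return found
```

Calling `inspect_request(SAMPLES["upload"])` returns one entry per violated rule, which is the granularity at which a per-check signature would fire.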
Appendix B: Signature Engines (78-16527-01)