Service Smb Engine - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

SERVICE Engines
Table B-20
Parameter
specify-port-map-program (Optional) Enables the portmapper program:
specify-rpc-max-length
specify-rpc-procedure
specify-rpc-program
1. The second number in the range must be greater than or equal to the first number.

SERVICE SMB Engine

The SERVICE.SMB engine inspects SMB packets. You can tune SMB signatures and create custom
SMB signatures based on SMB control transaction exchanges and SMB NT_Create_AndX exchanges.
Table B-21
Table B-21
Parameter
service-ports
specify-allocation-hint (Optional) Enables MS RPC allocation hint:
specify-byte-count
specify-command
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
B-24
SERVICE.RPC Engine Parameters (continued)
Description
port-map-program—The program number sent
•
to the portmapper for this signature.
(Optional) Enables RPC maximum length:
rpc-max-length—Maximum allowed length of
•
the entire RPC message. Lengths longer than
what you specify fire an alert.
(Optional) Enables RPC procedure:
rpc-procedure—RPC procedure number for this
•
signature.
(Optional) Enables RPC program:
rpc-program—RPC program number for this
•
signature.
lists the parameters specific to the SERVICE.SMB engine.
SERVICE.SMB Engine Parameters
Description
A comma-separated list of ports or port ranges where
the target service resides.
allocation-hint—MSRPC Allocation Hint, which is
•
used in SMB_COM_TRANSACTION command
2
parsing.
(Optional) Enables byte count:
byte-count—Byte count from
•
SMB_COM_TRANSACTION structure.
(Optional) Enables SMB commands:
command—SMB command value.
•
Appendix B Signature Engines
Value
0 to 9999999999
0 to 65535
0 to 1000000
0 to 1000000
Value
0 to 65535
a-b[,c-d]
0 to 42949677295
0 to 65535
3
0 to 255
4
1
78-16527-01