String Engines; Overview; String.icmp Engine Parameters - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuration guide

Appendix B Signature Engines
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 (78-16527-01), page B-29

Table B-24 STATE Engine Parameters (continued)

| Parameter | Description | Value |
|---|---|---|
| specify-min-match-length | (Optional) Enables minimum match length: min-match-length—Minimum number of bytes the regular expression string must match. | 0 to 65535 |
| swap-attacker-victim | True if address (and ports) source and destination are swapped in the alert message. False for no swap (default). | true \| false |

1. The second number in the range must be greater than or equal to the first number.

STRING Engines

This section describes the STRING engine, and contains the following topics:

- Overview, page B-29
- STRING.ICMP Engine Parameters, page B-29
- STRING.TCP Engine Parameters, page B-30
- STRING.UDP Engine Parameters, page B-31

Overview

The STRING engine is a generic-based pattern-matching inspection engine for ICMP, TCP, and UDP protocols. The STRING engine uses a regular expression engine that can combine multiple patterns into a single pattern-matching table, allowing for a single search through the data.

There are three STRING engines: STRING.ICMP, STRING.TCP, and STRING.UDP.

For an example custom STRING engine signature, see Example STRING.TCP Signature, page 7-30.

STRING.ICMP Engine Parameters

Table B-25 lists the parameters specific to the STRING.ICMP engine.

Table B-25 STRING.ICMP Engine Parameters

| Parameter | Description | Value |
|---|---|---|
| direction | Direction of the traffic: | |
| | Traffic from service port destined to client port. | from-service |
| | Traffic from client port destined to service port. | to-service |
| icmp-type | ICMP header TYPE value. | 0 to 18¹ a-b[,c-d] |
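The following sketch is an added example, not Cisco's implementation and not code from the guide: it validates an icmp-type value written in the a-b[,c-d] form from Table B-25 (including the footnote rule on ranges) and merges several payload regexes into one compiled pattern that is scanned once, which models the "single pattern-matching table" idea from the Overview. The class name, signature ids and regexes are constructed for illustration, and treating a bare number as a one-value range is an assumption.

```python
import re

ICMP_TYPE_MAX = 18  # upper bound for icmp-type in Table B-25

def parse_icmp_type(spec):
    """Parse an icmp-type value written as a-b[,c-d] into (low, high) pairs."""
    ranges = []
    for part in spec.split(","):
        low_s, sep, high_s = part.strip().partition("-")
        low = int(low_s)
        high = int(high_s) if sep else low  # assumption: a bare number means a-a
        if not (0 <= low <= ICMP_TYPE_MAX and 0 <= high <= ICMP_TYPE_MAX):
            raise ValueError(f"icmp-type outside 0-{ICMP_TYPE_MAX}: {part!r}")
        if high < low:  # footnote rule: second number >= first
            raise ValueError(f"second number must be >= first: {part!r}")
        ranges.append((low, high))
    return ranges

class StringIcmpTable:
    """Hypothetical model: several payload regexes merged into one compiled pattern."""
    def __init__(self, signatures):
        # signatures: {sig_id: (icmp_type_spec, direction, payload_regex_bytes)}
        self.filters, parts = {}, []
        for sig_id, (type_spec, direction, regex) in signatures.items():
            if direction not in ("from-service", "to-service"):
                raise ValueError(f"bad direction: {direction!r}")
            self.filters[f"s{sig_id}"] = (parse_icmp_type(type_spec), direction)
            # Lookahead-or-empty: each pattern is tried at every offset, overlaps kept.
            parts.append(b"(?:(?=(?P<s%d>%s))|)" % (sig_id, regex))
        # Python's re backtracks; this models one table and one scan, not a DFA.
        self.table = re.compile(b"".join(parts), re.DOTALL)

    def inspect(self, icmp_type, direction, payload):
        """Return sorted ids of signatures that fire, from one scan of the payload."""
        hits = set()
        for m in self.table.finditer(payload):
            for name, value in m.groupdict().items():
                ranges, sig_dir = self.filters[name]
                if (value is not None and sig_dir == direction
                        and any(a <= icmp_type <= b for a, b in ranges)):
                    hits.add(int(name[1:]))
        return sorted(hits)

# Constructed sample signatures: ids and regexes are made up for this example.
SIGS = {
    60001: ("8-8", "to-service", rb"cmd\.exe"),
    60002: ("0-0,8-8", "to-service", rb"[Pp]assw(or)?d="),
    60003: ("0-0", "from-service", rb"/etc/passwd"),
}
```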
