STRING Engines
Table B-25
Parameter
specify-exact-match-offset
specify-min-match-length
swap-attacker-victim
1. The second number in the range must be greater than or equal to the first number.
STRING.TPC Engine Parameters
Table B-26
Table B-26
Parameter
direction
service-ports
specify-exact-match-offset
specify-min-match-length
strip-telnet-options
swap-attacker-victim
1. The second number in the range must be greater than or equal to the first number.
2. This parameter is primarily used as an IPS anti-evasion tool.
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
B-30
STRING.ICMP Engine Parameters (continued)
Description
(Optional) Enables exact match offset:
exact-match-offset—The exact stream offset the
•
regular expression string must report for a match
to be valid.
(Optional) Enables minimum match length:
min-match-length—Minimum number of bytes
•
the regular expression string must match.
True if address (and ports) source and destination are
swapped in the alert message. False for no swap
(default).
lists the parameters specific to the STRING.TCP engine.
STRING.TCP Engine
Description
Direction of the traffic:
•
Traffic from service port destined to client port.
Traffic from client port destined to service port.
•
A comma-separated list of ports or port ranges where
the target service resides.
(Optional) Enables exact match offset:
exact-match-offset—The exact stream offset the
•
regular expression string must report for a match
to be valid.
(Optional) Enables minimum match length:
min-match-length—Minimum number of bytes
•
the regular expression string must match.
Strips the telnet option characters from the data before
the pattern is searched.
True if address (and ports) source and destination are
swapped in the alert message. False for no swap
(default).
Appendix B
2
Signature Engines
Value
0 to 65535
0 to 65535
true | false
Value
from-service
to-service
1
0 to 65535
a-b[,c-d]
0 to 65535
0 to 65535
true | false
true | false
78-16527-01