Table of Contents
Advertisement
Configuring Application Fingerprinting
Example REGEX Signature File
This section contains an example "app-regex.txt" file. Note that application signatures and groups are
defined using the formatting conventions described in
Groups" on page
30-13.
App-name: TCP-Syn-BDos
Description: TCP-Syn-BDos
\x02\xfe..\x80.*\xc0\xa8\x05\xca.*(\x0c|\x04)\x00\x00\x50
App-name: UDP-Flood
Description: UDP-Flood
\x2a.*\xc0\xa8\x05\xca.*\x7a\x69\x00\x87
App-name: DNS-Attack
Description: DNS-Attack
\xc0\xa8\x05\xca.*\x01\x00.*example\x04fake
App-name: Apache-mod_cache-DoS
Description: Apache-Headers-mod_cache-DoS
Cache\x2dControl: +(max\x2dage\x3d|s\x2dmax-
age\x3d|max\x2dstale\x3d|max\x2dage\x3d|min\x2dfresh\x3d)
App-name: BO-Multicast
Description: BO-Borland-StarTe-Multicast
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
App-name: HTTP-Hp-OpVw-OvAccep
Description: HTTP-Misc-Hp-OpVw-OvAccep-BO
OvAcceptLang\x3den\x2dusaAAAAAAAAAAAAAAAAAAAA
App-name: HTTP-null-byte
Description: HTTP-Misc-asp-null-byte-dis-3
/6fNY7wiRTr/VhR9aOCw5WKprcOxYFD57s1kDpoCCekW0Sxhywdx.*wcanQ.*wcanQ
App-group: Static = Apache-mod_cache-DoS BO-Multicast HTTP-null-byte HTTP-Hp-OpVw-OvAccep
App-group: AttackMon = TCP-Syn-BDos
App-group: AttackBlock = UDP-Flood
App-group: AttackRateLmt = DNS-Attack
OmniSwitch AOS Release 8 Network Configuration Guide
"Defining Application REGEX Signatures and
December 2017
Configuring AFP
page 30-15
- Quick Links:
- Ethernet Port Defaults
Hide quick links:
Advertisement
Table of Contents
