Example AIC MIME-Type Signature - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuration guide

Creating Custom Signatures

meta-key
-----------------------------------------------
Axxx
-----------------------------------------------
unique-victims: 1 <defaulted>
-----------------------------------------------
-----------------------------------------------
component-list-in-order: false <defaulted>
-----------------------------------------------
sensor(config-sig-sig-met)#

Step 11  Exit signature definition submode:

sensor(config-sig-sig-met)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:

Step 12  Press Enter to apply the changes or type no to discard them.

Example AIC MIME-Type Signature

The following example demonstrates how to create a MIME-type signature based on the AIC engine.

The following options apply:

event-action—Action(s) to perform when alert is triggered
  produce-alert—Writes evIdsAlert to Event Store
  produce-verbose-alert—Includes an encoded dump (possibly truncated) of the offending packet in the evIdsAlert
  deny-attacker-inline—Does not transmit this packet and future packets from the attacker address for a specified period of time (inline only)
  deny-connection-inline—Does not transmit this packet and future packets on the TCP flow (inline only)
  deny-packet-inline—Does not transmit this packet (inline only)
  log-attacker-packets—Starts IP logging of packets containing the attacker address
  log-pair-packets—Starts IP logging of packets containing the attacker-victim address pair
  log-victim-packets—Starts IP logging of packets containing the victim address
  request-block-connection—Requests Network Access Controller to block this connection
  request-block-host—Requests Network Access Controller to block this attacker host
  request-snmp-trap—Sends a request to NotificationApp to perform an SNMP action
  reset-tcp-connection—Sends TCP RESETS to hijack and terminate the TCP flow
no—Removes an entry or selection setting
signature-type—Type of signature desired
  content-types—Content-types
  define-web-traffic-policy—Defines web traffic policy

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Chapter 7, Defining Signatures
78-16527-01
