Service.generic Engine; Service.h225 Engine - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

SERVICE Engines

SERVICE.GENERIC Engine

The SERVICE.GENERIC engine allows programmatic signatures to be issued in a config-file-only
signature update. It has a simple machine and assembly language that is defined in the configuration file.
It runs the machine code (distilled from the assembly language) through its virtual machine, which
processes the instructions and pulls the important pieces of information out of the packet and runs them
through the comparisons and operations specified in the machine code.
It is intended as a rapid signature response engine to supplement the STRING and STATE engines.
You cannot use the SERVICE.GENERIC engine to create custom signatures.
Note
Only advanced users should tune SERVICE.GENERIC engine signatures.
Caution
Table B-13
Table B-13
Parameter
specify-dst-port
specify-ip-protocol
specify-payload-source (Optional) Enables payload source inspection:
specify-src-port

SERVICE.H225 Engine

This section describes the SERVICE.H225 engine, and contains the following topics:
•
•
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
B-16
lists the parameters specific to the SERVICE.GENERIC engine.
SERVICE.GENERIC Engine Parameters
Description
(Optional) Enables the destination port:
• dst-port—Destination port of interest for this signature
(Optional) Enables IP protocol:
ip-protocol—The IP protocol this inspector should
•
examine
payload-source—Payload source inspection for the
•
following types:
(Optional) Enables the source port:
src-port—Source port of interest for this signature
•
Overview, page B-17
SERVICE.H255 Engine Parameters, page B-17
Inspects ICMP data
–
Inspects Layer 2 headers
–
Inspects Layer 3 headers
–
Inspects Layer 4 headers
–
Inspects TCP data
–
Inspects UDP data
–
Appendix B Signature Engines
Value
0 to 65535
0 to 255
icmp-data
l2-header
l3-header
l4-header
tcp-data
udp-data
0 to 65535
78-16527-01