Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 410

SERVICE Engines
Table B-14
Parameter
message-type
policy-type
specify-field-name
specify-invalid-packet-index (Optional) Enables invalid packet index for
specify-regex-string
specify-value-range
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
B-18
SERVICE.H.225 Engine Parameters
Description
Type of H225 message to which the
signature applies:
SETUP
•
• ASN.1-PER
• Q.931
• TPKT
Type of H225 policy to which the signature
applies:
Inspects field length.
•
Inspects presence. If certain fields are
•
present in the message, an alert is sent.
• Inspects regular expressions.
Inspects field validations.
•
Inspects values.
•
Regex and presence are not valid for TPKT
signatures.
(Optional) Enables field name for use. Only
valid for SETUP and Q.931 message types.
Gives a dotted representation of the field
name that this signature applies to.
• field-name—Field name to inspect.
use for specific errors in ASN, TPKT, and
other errors that have fixed mapping.
• invalid-packet-index—Inspection for
invalid packet index.
The regular expression to look for when the
policy type is regex. This is never set for
TPKT signatures:
A regular expression to search for in a
•
single TCP packet
(Optional) Enables min match length
•
for use. The minimum length of the
Regex match required to constitute a
match. This is never set for TPKT
signatures.
Valid for the length or value policy types
(0x00 to 6535). Not valid for other policy
types.
value-range—Range of values.
•
Appendix B Signature Engines
Value
asn.1-per
q.931
setup
tpkt
length
presence
regex
validate
value
1 to 512
0 to 255
regex-string
specify-min-match-length
1
0 to 65535
a-b
78-16527-01