Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 420

Configuration guide

Appendix B: Signature Engines
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0, 78-16527-01

STATE Engine

There are three state machines in the STATE engine: SMTP, Cisco Login, and LPR Format String. Table B-24 lists the parameters specific to the STATE engine.

Table B-24 STATE Engine Parameters

| Parameter | Description | Value |
|---|---|---|
| state-machine | State machine grouping. | |
| cisco-login | Specifies the state machine for Cisco login. state-name: name of the state required before the signature fires an alert: | |
| | Cisco device state | cisco-device |
| | Control-C state | control-c |
| | Password prompt state | pass-prompt |
| | Start state | start |
| lpr-format-string | Specifies the state machine to inspect for the LPR format string vulnerability. state-name: name of the state required before the signature fires an alert: | |
| | Abort state to end LPR Format String inspection | abort |
| | Format character state | format-char |
| | Start state | start |
| smtp | Specifies the state machine for the SMTP protocol. state-name: name of the state required before the signature fires an alert: | |
| | Abort state to end LPR Format String inspection | abort |
| | Mail body state | mail-body |
| | Mail header state | mail-header |
| | SMTP commands state | smtp-commands |
| | Start state | start |
| direction | Direction of the traffic: | |
| | Traffic from service port destined to client port. | from-service |
| | Traffic from client port destined to service port. | to-service |
| service-ports | A comma-separated list of ports or port ranges where the target service resides. | 0 to 65535, a-b[,c-d] |
| specify-exact-match-offset | (Optional) Enables exact match offset. exact-match-offset: the exact stream offset the regular expression string must report for a match to be valid. | 0 to 65535 |
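
The following is an added example, not Cisco's implementation or code from the guide: a simplified Python model of how a signature bound to one `state-name` of the `smtp` state machine in Table B-24 fires only while the stream is in that state, after the `direction` and `service-ports` checks pass. The SMTP state transitions, the dictionary layout, the `regex` and `service_port` keys, and the sample session are assumptions constructed for illustration.

```python
import re

def parse_ports(spec):
    """Parse a service-ports value such as '25,587-588' into (low, high) pairs."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)      # a single port is a one-port range
        if not 0 <= lo <= hi <= 65535:       # table range; low <= high is assumed
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def smtp_states(lines):
    """Yield (state, line) per client line; transitions are a simplified assumption."""
    state = "start"
    for line in lines:
        yield state, line
        if state == "start":
            state = "smtp-commands"
        elif state == "smtp-commands" and line.upper() == "DATA":
            state = "mail-header"
        elif state == "mail-header" and line == "":   # blank line ends the headers
            state = "mail-body"
        elif state == "mail-body" and line == ".":    # lone dot ends the message
            state = "smtp-commands"

def alerts(sig, flow):
    """Return the lines on which the signature fires for this flow."""
    if sig["direction"] != flow["direction"]:
        return []
    port = flow["service_port"]
    if not any(lo <= port <= hi for lo, hi in parse_ports(sig["service-ports"])):
        return []
    rx = re.compile(sig["regex"])
    # The regex is only evaluated against lines seen in the required state.
    return [line for state, line in smtp_states(flow["lines"])
            if state == sig["state-name"] and rx.search(line)]

# Constructed sample: one client-to-server SMTP session on port 25.
FLOW = {"direction": "to-service", "service_port": 25, "lines": [
    "EHLO client.example", "MAIL FROM:<a@example.com>", "RCPT TO:<b@example.com>",
    "DATA", "Subject: test", "X-Constructed-Marker: 1", "",
    "Body quoting X-Constructed-Marker", ".", "QUIT"]}
# Hypothetical signature: same regex everywhere, gated on the mail-header state.
SIG = {"state-name": "mail-header", "direction": "to-service",
       "service-ports": "25,587-588", "regex": r"X-Constructed-Marker"}

if __name__ == "__main__":
    print(alerts(SIG, FLOW))                                   # header line only
    print(alerts({**SIG, "state-name": "mail-body"}, FLOW))    # body line only
```

The same regular expression matches a header line and a body line in the sample, but each signature alerts only on the line seen in its own `state-name`, which is how binding a pattern to a state narrows where it can fire.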
