Enterasys Intrusion Prevention System Manual page 10

Network sensor policies and signatures guide
Table of Contents

Log Option Tab ...................................................................................................................................... 2-39
Log Protocol Tab .................................................................................................................................... 2-41
Log Frag Tab .......................................................................................................................................... 2-42
Log Static Tab ........................................................................................................................................ 2-44
Log Broadcast Tab ................................................................................................................................. 2-46
Configuring the Probe Detection Module ...................................................................................................... 2-47
Procedure ............................................................................................................................................... 2-48
Configuring the Protocol Analysis Module .................................................................................................... 2-50
DNS Analysis Configuration ................................................................................................................... 2-51
FTP Analysis Configuration .................................................................................................................... 2-54
Finger Analysis Configuration ................................................................................................................ 2-56
H.225 Analysis Configuration ................................................................................................................. 2-58
H.245 Analysis Configuration ................................................................................................................. 2-61
HTTP Analysis Configuration ................................................................................................................. 2-63
ICMP Analysis Configuration ................................................................................................................ 2-66
MGCP Analysis Configuration ................................................................................................................ 2-69
RIP Analysis Configuration .................................................................................................................... 2-72
RPC Analysis Configuration ................................................................................................................... 2-74
SIP Analysis Configuration ..................................................................................................................... 2-78
SMB Analysis Configuration ................................................................................................................... 2-81
SNMP Analysis Configuration ................................................................................................................ 2-83
Telnet Analysis Configuration ................................................................................................................ 2-85
Configuring the SNMP Trap Module ............................................................................................................. 2-88
Procedure ............................................................................................................................................... 2-88
Configuring the TCP State Module ............................................................................................................... 2-89
Procedure ............................................................................................................................................... 2-89
Configuring the Transport Layer Module ...................................................................................................... 2-91
General Settings Tab ............................................................................................................................. 2-91
Stream Rebuilding Tab .......................................................................................................................... 2-94
Flags Tab ............................................................................................................................................... 2-96
Log Syn Tab ........................................................................................................................................... 2-97
Log Session Tab .................................................................................................................................... 2-99
Log Start Stop Tab ............................................................................................................................... 2-101
Log Destination Tab ............................................................................................................................. 2-103
Log Server Tab .................................................................................................................................... 2-105
Log Syn Pattern Tab ............................................................................................................................ 2-108
Log Pairs Tab ....................................................................................................................................... 2-109
Signature Overview ........................................................................................................................................ 3-1
Resource-Based Signatures .................................................................................................................... 3-1
Suspicious Traffic ..................................................................................................................................... 3-2
Server Messages ..................................................................................................................................... 3-2
Indirect Signatures ................................................................................................................................... 3-2
Tips for Creating Signatures .................................................................................................................... 3-3
Creating Custom Signature Libraries ............................................................................................................. 3-5
Signatures and Live Update ..................................................................................................................... 3-5
Creating a Custom Library ....................................................................................................................... 3-6
Copying Existing Signatures Into a Custom Library ................................................................................. 3-8
Using the Signature Filter Dialog ............................................................................................................. 3-9
Creating Custom Signatures ........................................................................................................................ 3-12
Configuring Basic Signature Properties ................................................................................................. 3-14
Configuring Extended Signature Properties ........................................................................................... 3-21
Creating Custom Event Groups .................................................................................................................... 3-43
Example of Signature Creation ..................................................................................................................... 3-44