Table of Contents
Advertisement
10. To configure the sensor to watch only for specific RPC traffic, configure ignore and log rules in
the RPC Log Elements table. Click Add to display the Add RPC Log Element dialog box.
a.
Select the desired action, either ignore or log, from the Action drop-down menu.
b. Enter the source and destination IP addresses in the Source IP Address and Destination
IP Address fields using the following format:
<IP address>/<mask>
Select the appropriate IP version checkbox. Network masks can range from 0-32 for IPv4
and 0-128 for IPv6. To indicate any network, use 0.0.0.0/0 for IPv4 addresses and ::/0 for
IPv6 addresses.
c.
Enter the RPC program number. Use 0 to indicate any program number.
d. Click OK to add the filter to the table.
11. Click Commit to add your changes to the policy being configured.
Examples
The following example shows two rules which tell the sensor to ignore local (10.100.100.0/24) RPC
traffic but log all other RPC traffic.
Configuring the Protocol Analysis Module
Creating Network Sensor Policies and Signatures 2-77
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?