Enterasys Intrusion Prevention System Manual page 173

Network sensor policies and signatures guide

2. TTL — The value of the 8-bit Time To Live (TTL) field in the IP header exhibits a high degree of variation from OS to OS, and programs such as traceroute (which set artificially low TTL values) can be used to assist in the network mapping process. You can specify:
   - Minimum TTL value to match. Valid values range from 0 to 255. If you are specifying a single value, enter the same value in the Maximum field also.
   - Maximum TTL value to match. Valid values range from 0 to 255.
   - Match Zero to match on the value zero if specified by a Minimum or Maximum value and the packet contains the value zero in the tested field.
   - Select Match Negative if you want the signature to match if the TTL is not the value specified.
3. TOS — The Type of Service (TOS) bits within the IP header can be tested. You can specify:
   - Minimum TOS value to match. Valid values range from 0 to 255. If you are specifying a single value, enter the same value in the Maximum field also.
   - Maximum TOS value to match. Valid values range from 0 to 255.
   - Match Zero to match on the value zero if specified by a Minimum or Maximum value and the packet contains the value zero in the tested field.
   - Select Match Negative if you want the signature to match if the TOS is not the value specified.
4. IPID — The 16-bit Identification field of the IP header can be tested.
   - Minimum ID value to match. Valid values range from 0 to 65536. If you are specifying a single value, enter the same value in the Maximum field also.
   - Maximum ID value to match. Valid values range from 0 to 65536.
   - Match Zero to match on the value zero if specified by a Minimum or Maximum value and the packet contains the value zero in the tested field.
   - Select Match Negative if you want the signature to match if the ID is not the value specified.
5. IP Protocol — Although most well-known attacks target applications that communicate strictly over TCP or UDP (IP protocols 6 and 17, respectively), vulnerabilities are still discovered and announced in software that communicates over other IP protocols (for example IGMP: http://secunia.com/advisories/13469).
   - Minimum protocol value to match. Valid values range from 0 to 255. If you are specifying a single value, enter the same value in the Maximum field also.
   - Maximum protocol value to match. Valid values range from 0 to 255.
   - Match Zero to match on the value zero if specified by a Minimum or Maximum value and the packet contains the value zero in the tested field.
   - Select Match Negative if you want the signature to match if the protocol is not the value specified.
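The following added example (not part of the Enterasys manual and not the product's own code) models how Minimum, Maximum, Match Zero and Match Negative tests could be evaluated against the TTL, TOS, IPID and IP Protocol fields of a raw IPv4 header. The names `RangeTest`, `parse_ipv4_fields` and `signature_matches` are hypothetical, and the way Match Zero and Match Negative interact is an assumed reading of the option text above, not documented sensor behavior.

```python
import struct
from dataclasses import dataclass


@dataclass
class RangeTest:
    """One header-field test: Minimum, Maximum, Match Zero, Match Negative."""
    minimum: int
    maximum: int
    match_zero: bool = False
    match_negative: bool = False

    def matches(self, value: int) -> bool:
        hit = self.minimum <= value <= self.maximum
        # Assumption: a zero in the tested field counts only if Match Zero is set.
        if value == 0 and not self.match_zero:
            hit = False
        # Assumption: Match Negative inverts the final result of the range test.
        return not hit if self.match_negative else hit


def parse_ipv4_fields(packet: bytes) -> dict:
    """Extract the four IPv4 header fields that the options above test."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, _length, ipid, _frag, ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if (ver_ihl & 0x0F) * 4 < 20:
        raise ValueError("invalid IPv4 header length")
    return {"ttl": ttl, "tos": tos, "ipid": ipid, "protocol": proto}


def signature_matches(packet: bytes, tests: dict) -> bool:
    """True only when every configured field test matches the packet."""
    fields = parse_ipv4_fields(packet)
    return all(test.matches(fields[name]) for name, test in tests.items())


# Constructed sample: IPv4 header with TOS 0, IPID 0, TTL 1, protocol 2 (IGMP),
# source 192.0.2.1, destination 224.0.0.1, checksum left as zero.
SAMPLE = bytes.fromhex("4500001c" "00000000" "01020000" "c0000201" "e0000001")

if __name__ == "__main__":
    low_ttl_igmp = {"ttl": RangeTest(1, 5), "protocol": RangeTest(2, 2)}
    print(parse_ipv4_fields(SAMPLE), signature_matches(SAMPLE, low_ttl_igmp))
```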
Creating Network Sensor Policies and Signatures 3-31
Creating Custom Signatures