Table of Contents
Advertisement
3.
Sequence — This feature allows Enterasys IPS to match TCP packets that contain a specific
Sequence number (or range of Sequence numbers). Some port scanners automatically
hardcode the TCP Sequence number in SYN packets they generate, so matching these
numbers in network traffic can be an effective mechanism for detecting such activity.
–
Minimum value to match. Valid values range from 0 to 4,294,967,296. If you are specifying
a single value, enter the same value in the Maximum field also.
–
Maximum value to match. Valid values range from 0 to 4,294,967,296.
–
Match Zero to match on the value zero if specified by a Minimum or Maximum value and
the packet contains the value zero in the tested field.
–
Select Match Negative if you want the signature to match if the sequence number is not
the value specified.
4.
Acknowledgement — Matches TCP packets that contain a specific acknowledgement number
(or a range of acknowledgement numbers.)
–
Minimum value to match. Valid values range from 0 to 4,294,967,296. If you are specifying
a single value, enter the same value in the Maximum field also.
–
Maximum value to match. Valid values range from 0 to 4,294,967,296.
Creating Network Sensor Policies and Signatures 3-33
Creating Custom Signatures
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?