Table of Contents
Advertisement
2.
Payload Size — These settings allow you to configure a signature to match only if the payload
portion of a packet matches the search criteria specified by the Payload Size options. Use these
settings to check for abnormally sized packets, or to detect buffer overflows.
–
Minimum payload size in bytes to match. Valid values range from 0 to 1514 bytes. If you
are specifying a single value, enter the same value in the Maximum field also.
–
Maximum payload size to match. Valid values range from 0 to 1514 bytes.
–
Match Zero to match on the value zero if specified by a Minimum or Maximum value and
the packet contains the value zero in the tested field.
–
Select Match Negative if you want the signature to match if the payload size is not the
value specified.
3.
Click OK.
4.
Click the Matches tab to configure extended signature match patterns. See
Matching
Capabilities" on page 3-23 for more information about the types of matches you can
configure.
5.
Click Add to create a new match configuration.
Creating Network Sensor Policies and Signatures 3-37
Creating Custom Signatures
"Enhanced Pattern
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?