Table of Contents
Advertisement
Custom signatures
FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916
Table 6: TCP header keywords (Continued)
Keyword and Value
--tcp_flags
<FSRPAU120>[!|*|+]
[,<FSRPAU120>];
--window_size
[!]<window_int>;
Description
Specify the TCP flags to match in a packet.
•
S: Match the SYN flag.
•
A: Match the ACK flag.
•
F: Match the FIN flag.
•
R: Match the RST flag.
•
U: Match the URG flag.
•
P: Match the PSH flag.
•
1: Match Reserved bit 1.
•
2: Match Reserved bit 2.
•
0: Match No TCP flags set.
•
+: Match on the specified bits, plus any
others.
•
*: Match if any of the specified bits are set.
•
!: Match if the specified bits are not set.
The first part if the value (<FSRPAU120>) defines
the bits that must present for a successful match.
For example:
--tcp_flags AP
only matches the case where both A and P bits
are set.
The second part ([,<FSRPAU120>]) is optional,
and defines the additional bits that can present
for a match. For example:
tcp_flags S,12
matches the following combinations of flags: S, S
and 1, S and 2, S and 1 and 2.
The modifiers !, * and + can not be used in the
second part.
Check for the specified TCP window size.
You can specify the window size as a
hexadecimal or decimal integer. A hexadecimal
value must be preceded by 0x.
To have the FortiGate search for the absence of
the specified window size, add an exclamation
mark (!) before the window size.
Creating custom signatures
31
- Quick Links:
- Ips Custom Signatures
Hide quick links:
Advertisement
Table of Contents
