
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Chapter 7 Defining Signatures
Configuring Signatures
Table 7-6 TCP Stream Reassembly Signatures

TCP Stream Reassembly Signature                     Parameter With Default Value
1300 TCP Segment Overwrite                          None
1301 TCP Session Inactivity Timeout                 tcp-idle-timeout 3600
1302 TCP Session Embryonic Timeout                  tcp-embryonic-timeout 15
1303 TCP Session Closing Timeout                    tcp-closed-timeout 5
1304 TCP Session Packet Queue Overflow              tcp-max-queue 32
1305 TCP Urgent Flag Set                            None
1306 0 TCP Option Others                            tcp-option-number 6-7,9-255
1306 1 TCP SACK Allowed Option
1306 2 TCP SACK Data Option
1306 3 TCP Timestamp Option
1306 4 TCP Window Scale Option
1306 5 TCP MSS Option
1307 TCP Window Size Variation                      None
1308 TTL Evasion                                    None
1309 TCP Reserved Flags Set                         None
1310 TCP Retransmit Data Different                  None
1311 TCP Packet Exceeds MSS                         None
1312 TCP MSS Below Minimum                          tcp-min-mss 400
1313 TCP MSS Exceed Maximum                         tcp-max-mss 1460
1314 TCP SYN Packet with Data                       None
1330 0 TCP Drop - Bad Checksum                      None
1330 1 TCP Drop - Bad TCP Flags
1330 2 TCP Drop - Urgent Pointer Without Flag
1330 3 TCP Drop - Bad Option List
1330 4 TCP Drop - Bad Option Length
1330 5 TCP Drop - MSS Option in Non-SYN
1330 6 TCP Drop - WinScale Option in Non-SYN
1330 7 TCP Drop - Bad WinScale Option Value
1330 8 TCP Drop - Bad SACK Allow
1330 9 TCP Drop - Data in SYN|ACK
1330 10 TCP Drop - Data Past FIN
1330 11 TCP Drop - Timestamp not Allowed
1330 12 TCP Drop - Segment Out of Order
1330 13 TCP Drop - Invalid TCP Packet
1330 14 TCP Drop - RST or SYN in window
1330 15 TCP Drop - Segment Already ACKed by Peer
1330 16 TCP Drop - PAWS Check Failed
1330 17 TCP Drop - Segment out of State Order
1330 18 TCP Drop - Segment out of Window
3050 Half Open SYN Attack                           syn-flood-max-embryonic 5000
3250 TCP Hijack                                     max-old-ack 200
3251 TCP Hijack Simplex Mode                        max-old-ack 100