B-18
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix B Signature Engines
SERVICE Engines
Table B-14
SERVICE.H.225 Engine Parameters
Parameter
Description
Value
message-type
Type of H225 message to which the
signature applies:
•
SETUP
•
ASN.1-PER
•
Q.931
•
TPKT
asn.1-per
q.931
setup
tpkt
policy-type
Type of H225 policy to which the signature
applies:
•
Inspects field length.
•
Inspects presence. If certain fields are
present in the message, an alert is sent.
•
Inspects regular expressions.
•
Inspects field validations.
•
Inspects values.
Regex and presence are not valid for TPKT
signatures.
length
presence
regex
validate
value
specify-field-name
(Optional) Enables field name for use. Only
valid for SETUP and Q.931 message types.
Gives a dotted representation of the field
name that this signature applies to.
•
field-name—Field name to inspect.
1 to 512
specify-invalid-packet-index (Optional) Enables invalid packet index for
use for specific errors in ASN, TPKT, and
other errors that have fixed mapping.
•
invalid-packet-index—Inspection for
invalid packet index.
0 to 255
specify-regex-string
The regular expression to look for when the
policy type is regex. This is never set for
TPKT signatures:
•
A regular expression to search for in a
single TCP packet
•
(Optional) Enables min match length
for use. The minimum length of the
Regex match required to constitute a
match. This is never set for TPKT
signatures.
regex-string
specify-min-match-length
specify-value-range
Valid for the length or value policy types
(0x00 to 6535). Not valid for other policy
types.
•
value-range—Range of values.
0 to 65535
1
a-b