B-20
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix B Signature Engines
SERVICE Engines
SERVICE.IDENT Engine
The SERVICE.IDENT engine inspects TCP port 113 traffic. It has basic decode and provides parameters
to specify length overflows.
Table B-15 SERVICE.HTTP Engine Parameters (continued)

| Parameter | Description | Value |
|---|---|---|
| specify-max-request-length | (Optional) Enables maximum request field length: • max-request-length—Maximum length of the request field. | 0 to 65535 |
| specify-max-uri-field-length | (Optional) Enables the maximum URI field length: • max-uri-field-length—Maximum length of the URI field. | 0 to 65535 |
| regex | Regular expression grouping. | — |
| specify-arg-name-regex | (Optional) Enables searching the Arguments field for a specific regular expression: • arg-name-regex—Regular expression to search for in the HTTP Arguments field (after the ? and in the Entity body as defined by Content-Length). | — |
| specify-header-regex | (Optional) Enables searching the Header field for a specific regular expression: • header-regex—Regular expression to search in the HTTP Header field. The Header is defined after the first CRLF and continues until CRLFCRLF. | — |
| specify-request-regex | (Optional) Enables searching the Request field for a specific regular expression: • request-regex—Regular expression to search in both HTTP URI and HTTP Argument fields. • specify-min-request-match-length—Enables setting a minimum request match length. | 0 to 65535 |
| specify-uri-regex | (Optional) Regular expression to search in HTTP URI field. The URI field is defined to be after the HTTP method (GET, for example) and before the first CRLF. The regular expression is protected, which means you cannot change the value. | `[/\\][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z][.]jpeg` |
| service-ports | A comma-separated list of ports or port ranges where the target service resides. | 0 to 65535 [1] a-b[,c-d] |
| swap-attacker-victim | True if address (and ports) source and destination are swapped in the alert message. False for no swap (default). | true \| false |

1. The second number in the range must be greater than or equal to the first number.
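
The field definitions in Table B-15 (URI, Header, Arguments) decide which bytes each regular expression is searched in. The following Python is an added example, not code from this guide or from the sensor: it uses Python's `re` module as a stand-in for the sensor's regex engine, and the sample request, the non-protected parameter values, the split of the URI at `?` and the reading of the minimum match length as a floor on the matched text are assumptions.

```python
import re

# Protected specify-uri-regex value exactly as printed in Table B-15.
URI_REGEX = rb"[/\\][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z][.]jpeg"

def split_fields(raw: bytes) -> dict:
    """Split one HTTP request into the fields the table's regex parameters search."""
    head, _, body = raw.partition(b"\r\n\r\n")
    # Header field: after the first CRLF, up to CRLFCRLF.
    request_line, _, header = head.partition(b"\r\n")
    # URI field: after the method, before the first CRLF.
    _method, _, target = request_line.partition(b" ")
    target = target.rsplit(b" ", 1)[0]      # assumption: drop the HTTP-version token
    uri, _, query = target.partition(b"?")  # assumption: the URI field stops at '?'
    # Arguments field: after the '?', plus the entity body bounded by Content-Length.
    cl = re.search(rb"(?im)^Content-Length:[ \t]*(\d+)", header)
    entity = body[: int(cl.group(1))] if cl else b""
    return {"uri": uri, "header": header, "args": query + b"&" + entity if entity else query}

def evaluate(raw: bytes, sig: dict) -> list:
    """Return the names of the parameters in `sig` whose condition the request meets."""
    f = split_fields(raw)
    hits = []
    limit = sig.get("max-uri-field-length")
    if limit is not None and len(f["uri"]) > limit:
        hits.append("max-uri-field-length")
    for param, field in (("specify-uri-regex", "uri"), ("header-regex", "header"),
                         ("arg-name-regex", "args")):
        if param in sig and re.search(sig[param], f[field]):
            hits.append(param)
    if "request-regex" in sig:  # searched in both the URI and the Arguments fields
        m = (re.search(sig["request-regex"], f["uri"])
             or re.search(sig["request-regex"], f["args"]))
        # assumption: the minimum match length is a floor on the matched text's length
        if m and len(m.group(0)) >= sig.get("specify-min-request-match-length", 0):
            hits.append("request-regex")
    return hits

# Constructed sample request and constructed parameter values (not from the guide).
SAMPLE = (b"POST /img/holiday.jpeg?id=7 HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"Content-Length: 4\r\n\r\n"
          b"a=bc")
SIG = {"specify-uri-regex": URI_REGEX, "max-uri-field-length": 10,
       "header-regex": rb"(?i)^host:[ ]*www[.]example[.]com",
       "request-regex": rb"id=[0-9]+", "specify-min-request-match-length": 4}

if __name__ == "__main__":
    print(evaluate(SAMPLE, SIG))
```

The function reports which individual conditions a request meets; how the sensor combines them into an alert is not described on this page and is not modelled.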