B-21
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix B Signature Engines
SERVICE Engines
Table B-16
lists the parameters specific to the SERVICE.IDENT engine.
SERVICE.MSRPC Engine
This section describes the SERVICE.MSRPC engine, and contains the following topics:
•
Overview, page B-21
•
SERVICE.MSRPC Engine Parameters, page B-21
Overview
The SERVICE.MSRPC engine processes MSRPC packets. MSRPC allows for cooperative processing
between multiple computers and their application software in a networked environment. It is a
transaction-based protocol, implying that there is a sequence of communications that establish the
channel and pass processing requests and replies.
MS RPC is an ISO layer 5-6 protocol and is layered on top of other transport protocols such as UDP,
TCP, and SMB. The MSRPC engine contains facilities to allow for fragmentation and reassembly of the
MSRPC PDUs.
This communication channel is the source of recent Windows NT, Windows 2000, and Window XP
security vulnerabilities.
The SERVICE.MSRPC engine only decodes the DCE and RPC protocol for the most common
transaction types.
SERVICE.MSRPC Engine Parameters
Table B-17 on page B-22
lists the parameters specific to the SERVICE.MSRPC engine.
Table B-16
SERVICE.IDENT Engine Parameters
Parameter
Description
Value
inspection-type
Type of inspection to perform.
—
has-bad-port
Inspects payload for a bad port.
true | false
has-newline
Inspects payload for a nonterminating new line character.
true | false
size
Inspects for payload length longer than this.
0 to 65535
service-ports
A comma-separated list of ports or port ranges where the target
service resides.
0 to 65535
1
a-b[,c-d]
1.
The second number in the range must be greater than or equal to the first number.
direction
Direction of the traffic:
•
Traffic from service port destined to client port.
•
Traffic from client port destined to service port.
from-service
to-service