Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix B Signature Engines
STATE Engine
There are three state machines in the STATE engine: SMTP, Cisco Login, and LPR Format String.
Table B-24 lists the parameters specific to the STATE engine.
Table B-24 STATE Engine Parameters

| Parameter | Description | Value |
|---|---|---|
| state-machine | State machine grouping. | - |
| cisco-login | Specifies the state machine for Cisco login. state-name: Name of the state required before the signature fires an alert: | |
| | Cisco device state | cisco-device |
| | Control-C state | control-c |
| | Password prompt state | pass-prompt |
| | Start state | start |
| lpr-format-string | Specifies the state machine to inspect for the LPR format string vulnerability. state-name: Name of the state required before the signature fires an alert: | |
| | Abort state to end LPR Format String inspection | abort |
| | Format character state | format-char |
| | Start state | start |
| smtp | Specifies the state machine for the SMTP protocol. state-name: Name of the state required before the signature fires an alert: | |
| | Abort state to end LPR Format String inspection | abort |
| | Mail body state | mail-body |
| | Mail header state | mail-header |
| | SMTP commands state | smtp-commands |
| | Start state | start |
| direction | Direction of the traffic: | |
| | Traffic from service port destined to client port. | from-service |
| | Traffic from client port destined to service port. | to-service |
| service-ports | A comma-separated list of ports or port ranges where the target service resides. | 0 to 65535, a-b[,c-d]¹ |
| specify-exact-match-offset | (Optional) Enables exact match offset: | |
| | exact-match-offset: The exact stream offset the regular expression string must report for a match to be valid. | 0 to 65535 |
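
The parameters above act together as conditions on one signature. The following Python sketch is an added example, not Cisco's code or CLI syntax: it models a signature that alerts only when its pattern is seen in the smtp-commands state, in the to-service direction, on a listed service port. The state transitions, the `regex` key, the acceptance of single ports, and the sample session are assumptions constructed for illustration.

```python
import re

def parse_service_ports(spec):
    """Parse 'a-b[,c-d]' into (low, high) pairs; single ports accepted (assumption)."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        low, high = int(low), int(high or low)
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((low, high))
    return ranges

def smtp_states(client_lines):
    """Yield (state, line). Transitions are an assumption based on SMTP's DATA phase."""
    state = "smtp-commands"
    for line in client_lines:
        yield state, line
        if state == "smtp-commands" and line.upper() == "DATA":
            state = "mail-header"
        elif state == "mail-header" and line == "":
            state = "mail-body"
        elif state == "mail-body" and line == ".":
            state = "smtp-commands"

def alerts(sig, direction, service_port, client_lines):
    """Return the lines on which the modelled signature would fire."""
    ports = parse_service_ports(sig["service-ports"])
    if direction != sig["direction"]:
        return []
    if not any(lo <= service_port <= hi for lo, hi in ports):
        return []
    regex = re.compile(sig["regex"])
    return [line for state, line in smtp_states(client_lines)
            if state == sig["state-name"] and regex.search(line)]

# Constructed signature and session, for illustration only ('regex' is a hypothetical key).
SIG = {"state-name": "smtp-commands", "direction": "to-service",
       "service-ports": "25-25,587-587", "regex": r"^VRFY\s"}
SESSION = ["HELO client.example", "VRFY root", "MAIL FROM:<a@client.example>",
           "RCPT TO:<b@server.example>", "DATA", "Subject: test", "",
           "VRFY root appears here only as message text", ".", "QUIT"]

if __name__ == "__main__":
    print(alerts(SIG, "to-service", 25, SESSION))    # command phase only
    print(alerts(SIG, "from-service", 25, SESSION))  # wrong direction
```

The same string inside the message body does not alert because the modelled state at that point is mail-body, which is the false-positive reduction that a required state-name provides.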