B-30
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix B Signature Engines
STRING Engines
Table B-25 STRING.ICMP Engine Parameters (continued)

| Parameter | Description | Value |
|---|---|---|
| specify-exact-match-offset | (Optional) Enables exact match offset: exact-match-offset—The exact stream offset the regular expression string must report for a match to be valid. | 0 to 65535 |
| specify-min-match-length | (Optional) Enables minimum match length: min-match-length—Minimum number of bytes the regular expression string must match. | 0 to 65535 |
| swap-attacker-victim | True if address (and ports) source and destination are swapped in the alert message. False for no swap (default). | true \| false |

1. The second number in the range must be greater than or equal to the first number.

STRING.TCP Engine Parameters

Table B-26 lists the parameters specific to the STRING.TCP engine.
Table B-26 STRING.TCP Engine

| Parameter | Description | Value |
|---|---|---|
| direction | Direction of the traffic: traffic from service port destined to client port (from-service), or traffic from client port destined to service port (to-service). | from-service, to-service |
| service-ports | A comma-separated list of ports or port ranges where the target service resides. | 0 to 65535¹, a-b[,c-d] |
| specify-exact-match-offset | (Optional) Enables exact match offset: exact-match-offset—The exact stream offset the regular expression string must report for a match to be valid. | 0 to 65535 |
| specify-min-match-length | (Optional) Enables minimum match length: min-match-length—Minimum number of bytes the regular expression string must match. | 0 to 65535 |
| strip-telnet-options | Strips the telnet option characters from the data before the pattern is searched.² | true \| false |
| swap-attacker-victim | True if address (and ports) source and destination are swapped in the alert message. False for no swap (default). | true \| false |

1. The second number in the range must be greater than or equal to the first number.
2. This parameter is primarily used as an IPS anti-evasion tool.
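
The following is an added example, not code from the Cisco guide or the sensor itself: a small Python checker that validates a service-ports value against the rules in Table B-26 and shows which TCP segments a signature would cover for each direction setting. The function names and the sample segments are hypothetical, and ranges are assumed to be inclusive.

```python
import re

MAX_PORT = 65535  # upper bound given in Table B-26
_ENTRY = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?", re.ASCII)


def parse_service_ports(spec):
    """Parse 'a-b[,c-d]' (or single ports) into inclusive (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        m = _ENTRY.fullmatch(item.strip())
        if m is None:
            raise ValueError(f"not a port or port range: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) is not None else low
        if low > MAX_PORT or high > MAX_PORT:
            raise ValueError(f"port above {MAX_PORT}: {item!r}")
        if high < low:  # footnote 1: second number must be >= first
            raise ValueError(f"range end below range start: {item!r}")
        ranges.append((low, high))
    return ranges


def is_inspected(direction, ranges, src_port, dst_port):
    """Return True if a segment falls under the signature's direction and ports."""
    if direction == "from-service":    # service port -> client port
        service_side = src_port
    elif direction == "to-service":    # client port -> service port
        service_side = dst_port
    else:
        raise ValueError(f"unknown direction: {direction!r}")
    return any(low <= service_side <= high for low, high in ranges)


if __name__ == "__main__":
    ports = parse_service_ports("23,8080-8089")
    # Constructed sample segments: (source port, destination port)
    for src, dst in [(49152, 23), (23, 49152), (49152, 443)]:
        for direction in ("to-service", "from-service"):
            print(src, dst, direction, is_inspected(direction, ports, src, dst))
```

A signature set to to-service never sees the server's replies, so a pattern that only appears in responses needs from-service with the same service-ports value.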