Configuring AFP
Configuring Application Fingerprinting
page 28-16
OmniSwitch AOS Release 7 Network Configuration Guide
June 2013
Example REGEX Signature File
This section contains an example “app-regex.txt” file. Note that application signatures and groups are
defined using the formatting conventions described in
“Defining Application REGEX Signatures and
.
App-name: TCP-Syn-BDos
Description: TCP-Syn-BDos
\x02\xfe..\x80.*\xc0\xa8\x05\xca.*(\x0c|\x04)\x00\x00\x50
App-name: UDP-Flood
Description: UDP-Flood
\x2a.*\xc0\xa8\x05\xca.*\x7a\x69\x00\x87
App-name: DNS-Attack
Description: DNS-Attack
\xc0\xa8\x05\xca.*\x01\x00.*example\x04fake
App-name: Apache-mod_cache-DoS
Description: Apache-Headers-mod_cache-DoS
Cache\x2dControl:
+(max\x2dage\x3d|s\x2dmaxage\x3d|max\x2dstale\x3d|max\x2dage\x3d|min\x2dfresh\x3d)
App-name: BO-Multicast
Description: BO-Borland-StarTe-Multicast
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
App-name: HTTP-Hp-OpVw-OvAccep
Description: HTTP-Misc-Hp-OpVw-OvAccep-BO
OvAcceptLang\x3den\x2dusaAAAAAAAAAAAAAAAAAAAA
App-name: HTTP-null-byte
Description: HTTP-Misc-asp-null-byte-dis-3
/6fNY7wiRTr/VhR9aOCw5WKprcOxYFD57s1kDpoCCekW0Sxhywdx.*wcanQ.*wcanQ
App-group: Static = Apache-mod_cache-DoS BO-Multicast HTTP-null-byte HTTP-Hp-OpVw-OvAccep
App-group: AttackMon = TCP-Syn-BDos
App-group: AttackBlock = UDP-Flood
App-group: AttackRateLmt = DNS-Attack