FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916
Creating custom signatures
Custom signatures
Table 7: UDP header keywords

Keyword and Value    Description

--dst_port [!]{<port_int> | :<port_int> | <port_int>: | <port_int>:<port_int>};
    The destination port number.
    You can specify a single port or port range:
    • <port_int> is a single port.
    • :<port_int> includes the specified port and all lower numbered ports.
    • <port_int>: includes the specified port and all higher numbered ports.
    • <port_int>:<port_int> includes the two specified ports and all ports in between.

--src_port [!]{<port_int> | :<port_int> | <port_int>: | <port_int>:<port_int>};
    The source port number.
    You can specify a single port or port range:
    • <port_int> is a single port.
    • :<port_int> includes the specified port and all lower numbered ports.
    • <port_int>: includes the specified port and all higher numbered ports.
    • <port_int>:<port_int> includes the two specified ports and all ports in between.

Table 8: ICMP keywords

Keyword and Value    Usage

--icmp_code <code_int>;
    Specify the ICMP code to match.

--icmp_id <id_int>;
    Check for the specified ICMP ID value.

--icmp_seq <seq_int>;
    Check for the specified ICMP sequence value.

--icmp_type <type_int>;
    Specify the ICMP type to match.

Table 9: Other keywords

Keyword and Value    Description

--data_size {<size_int> | <<size_int> | ><size_int> | <size_int><><size_int>};
    Test the packet payload size. With data_size specified, packet
    reassembly is turned off automatically, so a signature with both
    data_size and only_stream values set is wrong.
    • <size_int> is a particular packet size.
    • <<size_int> is a packet smaller than the specified size.
    • ><size_int> is a packet larger than the specified size.
    • <size_int><><size_int> is a packet within the range between the specified sizes.

--data_at <offset_int>[, relative];
    Verify that the payload has data at a specified offset, optionally
    looking for data relative to the end of the previous content match.
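
The value grammars in Tables 7 and 9, as an added example that is not part of the Fortinet guide: a small Python checker that evaluates --dst_port / --src_port and --data_size values and flags option text that combines data_size with only_stream. Assumptions: "!" negates the port match, ports are 16-bit, the <> range is inclusive, and the function names and sample option text are constructed for illustration.

```python
import re

PORT_MAX = 65535  # assumption: ports are 16-bit values

def port_range(spec):
    """Parse a --dst_port / --src_port value into (negated, low, high)."""
    m = re.fullmatch(r"(!?)(\d*)(:?)(\d*)", spec.strip())
    if not m or not (m[2] or m[4]):
        raise ValueError(f"bad port value {spec!r}")
    neg, lo, colon, hi = m.groups()
    if colon:
        low = int(lo) if lo else 0           # ":<port_int>" includes all lower ports
        high = int(hi) if hi else PORT_MAX   # "<port_int>:" includes all higher ports
    else:
        low = high = int(lo)                 # single port
    if low > high or high > PORT_MAX:
        raise ValueError(f"bad port range {spec!r}")
    return bool(neg), low, high

def port_matches(spec, port):
    neg, low, high = port_range(spec)
    return (low <= port <= high) != neg      # assumption: "!" negates the match

def data_size_matches(spec, size):
    """Evaluate a --data_size value against a payload size."""
    s = spec.strip()
    if m := re.fullmatch(r"(\d+)<>(\d+)", s):
        return int(m[1]) <= size <= int(m[2])  # assumption: bounds are inclusive
    if m := re.fullmatch(r"([<>]?)(\d+)", s):
        n = int(m[2])
        return {"<": size < n, ">": size > n, "": size == n}[m[1]]
    raise ValueError(f"bad data_size value {spec!r}")

def lint(options):
    """Return warnings for the option text of one signature."""
    warnings = []
    if "--data_size" in options and "only_stream" in options:
        warnings.append("data_size turns reassembly off; remove only_stream")
    for kw, val in re.findall(r"--(dst_port|src_port)\s+([^;]+);", options):
        try:
            port_range(val)
        except ValueError as err:
            warnings.append(f"--{kw}: {err}")
    return warnings

# Constructed option fragment, not a complete signature.
SAMPLE = "--dst_port 2000:1000; --data_size >512; only_stream;"

if __name__ == "__main__":
    for w in lint(SAMPLE):
        print(w)
```
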