FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916
Creating custom signatures
Custom signatures
Use the --protocol tcp keyword to limit the effect of the custom signature to only TCP traffic. This will save system resources by not unnecessarily scanning UDP and ICMP traffic.
F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy";
--service SMTP; --protocol tcp; )
The FortiGate unit will limit its search for the pattern to TCP traffic and ignore the
pattern in UDP and ICMP network traffic.
6 Ignoring case sensitivity
By default, patterns are case sensitive. If a user directed his or her browser to
Example.com, the custom signature would not recognize the URL as a match.
Use the --no_case keyword to make the pattern matching case insensitive.
F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy";
--service SMTP; --no_case; )
Unlike all of the other keywords in this example, the --no_case keyword has no value. Only the keyword is required.
7 Specifying the context
The SMTP vrfy command will appear in the SMTP header. The --context header keyword/value pair allows you to limit the pattern search to only the header.
F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy";
--service SMTP; --no_case; --context header; )
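The following added example is not from the FortiGate guide and is not Fortinet's matching engine. It parses the three signatures above and applies a simplified model of --protocol, --no_case and --context to constructed packets, so the effect of each keyword can be compared. The function names, the packet dictionaries and the split of SMTP traffic into "header" and "body" fields are assumptions made for illustration.

```python
import re

def parse_fsbid(sig):
    """Parse 'F-SBID( --key value; --flag; )' into a dict.
    Keywords without a value, such as --no_case, map to True.
    Limitation of this sketch: values containing ';' are not handled."""
    m = re.fullmatch(r'\s*F-SBID\(\s*(.*?)\s*\)\s*', sig, re.S)
    if not m:
        raise ValueError("not an F-SBID signature")
    opts = {}
    for part in filter(None, (p.strip() for p in m.group(1).split(';'))):
        kv = re.fullmatch(r'--(\w+)(?:\s+(.*))?', part, re.S)
        if not kv:
            raise ValueError("bad keyword: " + part)
        opts[kv.group(1)] = kv.group(2).strip().strip('"') if kv.group(2) else True
    return opts

def matches(opts, pkt):
    """Simplified model (an assumption, not the FortiGate engine)."""
    for key in ('protocol', 'service'):
        # A signature that names a protocol/service skips all other traffic.
        if key in opts and opts[key].lower() != pkt[key]:
            return False
    ctx = opts.get('context')
    # Without --context the whole payload is searched; with it, one field only.
    haystack = pkt.get(ctx, '') if ctx else pkt['header'] + pkt['body']
    needle = opts['pattern']
    if opts.get('no_case'):
        haystack, needle = haystack.lower(), needle.lower()
    return needle in haystack

BASE = 'F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy"; --service SMTP; '
STEP5 = parse_fsbid(BASE + '--protocol tcp; )')
STEP6 = parse_fsbid(BASE + '--no_case; )')
STEP7 = parse_fsbid(BASE + '--no_case; --context header; )')

# Constructed sample traffic (not captured from a real network).
CMD_UPPER = {'protocol': 'tcp', 'service': 'smtp', 'header': 'VRFY alice\r\n', 'body': ''}
BODY_TEXT = {'protocol': 'tcp', 'service': 'smtp', 'header': 'DATA\r\n',
             'body': 'Please do not vrfy users.\r\n'}
UDP_NOISE = {'protocol': 'udp', 'service': 'smtp', 'header': 'vrfy\r\n', 'body': ''}

if __name__ == "__main__":
    for name, sig in (('step 5', STEP5), ('step 6', STEP6), ('step 7', STEP7)):
        print(name, [matches(sig, p) for p in (CMD_UPPER, BODY_TEXT, UDP_NOISE)])
```

In this model the case-sensitive signature misses an upper-case VRFY command, and the signature without --context also fires on the word "vrfy" inside a message body.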