Fortinet Network Device IPS User Manual, Page 36

FortiGate IPS User Guide Version 3.0 MR7
36 01-30007-0080-20080916
Creating custom signatures Custom signatures
Use the --protocol tcp keyword to limit the effect of the custom signature to
only TCP traffic. This will save system resources by not unnecessarily scanning
UDP and ICMP traffic.
F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy";
--service SMTP; --protocol tcp; )
The FortiGate unit will limit its search for the pattern to TCP traffic and ignore the
pattern in UDP and ICMP network traffic.
6 Ignoring case sensitivity
By default, patterns are case sensitive. If a user directed his or her browser to
Example.com, the custom signature would not recognize the URL as a match.
Use the --no_case keyword to make the pattern matching case insensitive.
F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy";
--service SMTP; --no_case; )
Unlike all of the other keywords in this example, the --no_case keyword has no
value. Only the keyword is required.
7 Specifying the context
The SMTP vrfy command will appear in the SMTP header. The
--context header keyword/value pair allows you to limit the pattern search to
only the header.
F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy";
--service SMTP; --no_case; --context header; )
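
The following is an added example, not part of the Fortinet guide and not Fortinet's parser. It reads the signatures from steps 5 and 7 and models only the --protocol and --no_case behavior described above, to show which constructed SMTP command lines each signature would catch. The function names parse_signature and matches are hypothetical, and --service and --context are parsed but not evaluated.

```python
import re

# Keywords used on this page; --no_case is the only one written without a value.
VALUED = {"--name", "--pattern", "--service", "--protocol", "--context"}
FLAGS = {"--no_case"}
OPTION = re.compile(r'\s*(--\w+)(?:\s+(?:"([^"]*)"|([^\s;"]+)))?\s*;')

def parse_signature(text):
    """Parse 'F-SBID( --keyword value; ... )' into a dict; flags map to True."""
    m = re.fullmatch(r"\s*F-SBID\((.*)\)\s*", text, re.S)
    if not m:
        raise ValueError("not an F-SBID( ... ) signature")
    body, pos, opts = m.group(1), 0, {}
    while body[pos:].strip():
        o = OPTION.match(body, pos)
        if not o:
            raise ValueError(f"cannot parse option near {body[pos:].strip()!r}")
        key, quoted, bare = o.groups()
        value = quoted if quoted is not None else bare
        if key in FLAGS and value is None:
            opts[key] = True
        elif key in VALUED and value is not None:
            opts[key] = value
        else:
            raise ValueError(f"bad keyword or value for {key}")
        pos = o.end()
    return opts

def matches(opts, protocol, payload):
    """Simplified model of --protocol and --no_case only.
    --service and --context are parsed but not evaluated here."""
    wanted = opts.get("--protocol")
    if wanted and wanted.lower() != protocol.lower():
        return False  # other protocols are not scanned for the pattern
    pattern = opts["--pattern"]
    if opts.get("--no_case"):
        return pattern.lower() in payload.lower()
    return pattern in payload  # default: case-sensitive

# The two signatures as printed in steps 5 and 7 of this page.
STEP5 = 'F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy";\n--service SMTP; --protocol tcp; )'
STEP7 = 'F-SBID( --name "Block.SMTP.VRFY.CMD"; --pattern "vrfy";\n--service SMTP; --no_case; --context header; )'

if __name__ == "__main__":
    # Constructed sample payloads: SMTP commands are case-insensitive on the wire.
    for line in ("vrfy root\r\n", "VRFY root\r\n", "Vrfy root\r\n"):
        print(repr(line), "step5:", matches(parse_signature(STEP5), "tcp", line),
              "step7:", matches(parse_signature(STEP7), "tcp", line))
```

Because SMTP servers accept commands in any case, the step 5 signature misses "VRFY root" in this model, while the step 7 signature with --no_case catches every casing.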