FortiGate IPS User Guide Version 3.0 MR7
32 01-30007-0080-20080916
Creating custom signatures Custom signatures
Table 7: UDP header keywords
Keyword and Value Description
--dst_port [!]{<port_int> |
:<port_int> | <port_int>: |
<port_int>:<port_int>};
The destination port number.
You can specify a single port or port range:
• <port_int> is a single port.
• :<port_int> includes the specified port and
all lower numbered ports.
• <port_int>: includes the specified port and
all higher numbered ports.
• <port_int>:<port_int> includes the two
specified ports and all ports in between.
--src_port [!]{<port_int> |
:<port_int> | <port_int>: |
<port_int>:<port_int>};
The source port number.
You can specify a single port or port range:
• <port_int> is a single port.
• :<port_int> includes the specified port and
all lower numbered ports.
• <port_int>: includes the specified port and
all higher numbered ports.
• <port_int>:<port_int> includes the two
specified ports and all ports in between.
Table 8: ICMP keywords
Keyword and Value Usage
--icmp_code <code_int>; Specify the ICMP code to match.
--icmp_id <id_int>; Check for the specified ICMP ID value.
--icmp_seq <seq_int>; Check for the specified ICMP sequence value.
--icmp_type <type_int>; Specify the ICMP type to match.
Table 9: Other keywords
Keyword and Value Description
--data_size {<size_int> |
<<size_int> | ><size_int> |
<port_int><><port_int>};
Test the packet payload size. With data_size
specified, packet reassembly is turned off
automatically. So a signature with data_size
and only_stream values set is wrong.
• <size_int> is a particular packet size.
• <<size_int> is a packet smaller than the
specified size.
• ><size_int> is a packet larger than the
specified size.
• <size_int><><size_int> within the
range between the specified sizes.
--data_at <offset_int>[,
relative];
Verify that the payload has data at a specified
offset, optionally looking for data relative to the
end of the previous content match.
To Next Page
Loading...