Specifies certain values and options existing within packet
headers. These parameters are different for different protocols. In
a custom attack definition, you can specify fields for only one of
the following protocols—TCP, UDP, or ICMP. Although, you can
define IP protocol fields with TCP or UDP in a custom attack definition.
Note:
Header parameters can be defined only for attack objects that
use a packet or first packet context. If you specified a line, stream,
stream 256, or a service context you cannot specify header parameters.
If you are unsure of the options or flag settings for the malicious
packet, leave all fields blank and IDP attempts to match the signature
for all header contents.
Table 105 displays fields
and flags that you can set for attacks that use the IP protocol.
Table 105: IP Protocol Fields and Flags
Field
Description
Type of Service
Specify a value for the service type. Common service types are:
0000 Default
0001 Minimize Cost
0002 Maximize Reliability
0003 Maximize Throughput
0004 Minimize Delay
0005 Maximize Security
Total Length
Specify a value for the number of bytes in the packet, including
all header fields and the data payload.
ID
Specify a value for the unique value used by the destination
system to reassemble a fragmented packet.
Time to Live
Specify an integer value in the range of 0–255 for the
time-to-live (TTL) value of the packet. This value represents the
number of devices the packet can traverse. Each router that processes
the packet decrements the TTL by 1; when the TTL reaches
0, the packet is discarded.
Protocol
Specify a value for the protocol used.
Source
Enter the source address of the attacking device.
Destination
Enter the destination address of the attack target.
Reserved Bit
This bit is not used.
More Fragments
When set (1), this option indicates that the packet
contains more fragments. When unset (0), it indicates that
no more fragments remain.
Don’t Fragment
When set (1), this option indicates that the packet
cannot be fragmented for transmission.
Table 106 displays packet
header fields and flags that you can set for attacks that use the
TCP protocol.
Table 106: TCP Header Fields and Flags
Field
Description
Source Port
Specify a value for the port number on the attacking device.
Destination Port
Specify a value for the port number of the attack target.
Sequence Number
Specify a value for the sequence number of the packet. This
number identifies the location of the data in relation to the entire
data sequence.
ACK Number
Specify a value for the ACK number of the packet. This number
identifies the next sequence number; the ACK flag must be set to activate
this field.
Header Length
Specify a value for the number of bytes in the TCP header.
Data Length
Specify a value for the number of bytes in the data payload.
For SYN, ACK, and FIN packets, this field should be empty.
Window Size
Specify a value for the number of bytes in the TCP window size.
Urgent Pointer
Specify a value for the urgent pointer. The value indicates
that the data in the packet is urgent; the URG flag must be set to
activate this field.
URG
When set, the urgent flag indicates that the packet data is
urgent.
ACK
When set, the acknowledgment flag acknowledges receipt of a
packet.
PSH
When set, the push flag indicates that the receiver should push
all data in the current sequence to the destination application (identified
by the port number) without waiting for the remaining packets in the
sequence.
RST
When set, the reset flag resets the TCP connection, discarding
all packets in an existing sequence.
SYN
When set, the SYN flag indicates a request for a new session.
FIN
When set, the final flag indicates that the packet transfer
is complete and the connection can be closed.
R1
This reserved bit (1 of 2) is not used.
R2
This reserved bit (2 of 2) is not used.
Table 107 displays packet
header fields and flags that you can set for attacks that use the
UDP protocol.
Table 107: UDP Header Fields and Flags
Field
Description
Source Port
Specify a value for the port number on the attacking device.
Destination Port
Specify a value for the port number of the attack target.
Data Length
Specify a value for the number of bytes in the data payload.
Table 108 displays packet
header fields and flags that you can set for attacks that use the
ICMP protocol.
Table 108: ICMP Header Fields and Flags
Field
Description
ICMP Type
Specify a value for the primary code that identifies the function
of the request or reply packet.
ICMP Code
Specify a value for the secondary code that identifies the function
of the request or reply packet within a given type.
Sequence Number
Specify a value for the sequence number of the packet. This
number identifies the location of the request or reply packet in relation
to the entire sequence.
ICMP ID
Specify a value for the identification number. The identification
number is a unique value used by the destination system to associate
request and reply packets.
Data Length
Specify a value for the number of bytes in the data payload.
