Protocol-Specific Parameters
Protocol-specific parameters specify certain values and options within packet headers. These parameters differ from protocol to protocol. In a custom attack definition, you can specify fields for only one of the following protocols: TCP, UDP, or ICMP. You can, however, define IP protocol fields together with TCP or UDP fields in a custom attack definition.

Note: Header parameters can be defined only for attack objects that use a packet or first packet context. If you specified a line, stream, stream 256, or service context, you cannot specify header parameters.

If you are unsure of the options or flag settings for the malicious
packet, leave all fields blank and IDP attempts to match the signature
for all header contents.

Table 105 displays fields and flags that you can set for attacks that use the IP protocol.

Table 105: IP Protocol Fields and Flags

| Field | Description |
|---|---|
| Type of Service | Specify a value for the service type. Common service types are: 0000 Default; 0001 Minimize Cost; 0002 Maximize Reliability; 0003 Maximize Throughput; 0004 Minimize Delay; 0005 Maximize Security |
| Total Length | Specify a value for the number of bytes in the packet, including all header fields and the data payload. |
| ID | Specify a value for the unique value used by the destination system to reassemble a fragmented packet. |
| Time to Live | Specify an integer value in the range of 0–255 for the time-to-live (TTL) value of the packet. This value represents the number of devices the packet can traverse. Each router that processes the packet decrements the TTL by 1; when the TTL reaches 0, the packet is discarded. |
| Protocol | Specify a value for the protocol used. |
| Source | Enter the source address of the attacking device. |
| Destination | Enter the destination address of the attack target. |
| Reserved Bit | This bit is not used. |
| More Fragments | When set (1), this option indicates that the packet contains more fragments. When unset (0), it indicates that no more fragments remain. |
| Don’t Fragment | When set (1), this option indicates that the packet cannot be fragmented for transmission. |

Table 106 displays packet header fields and flags that you can set for attacks that use the TCP protocol.

Table 106: TCP Header Fields and Flags

| Field | Description |
|---|---|
| Source Port | Specify a value for the port number on the attacking device. |
| Destination Port | Specify a value for the port number of the attack target. |
| Sequence Number | Specify a value for the sequence number of the packet. This number identifies the location of the data in relation to the entire data sequence. |
| ACK Number | Specify a value for the ACK number of the packet. This number identifies the next sequence number; the ACK flag must be set to activate this field. |
| Header Length | Specify a value for the number of bytes in the TCP header. |
| Data Length | Specify a value for the number of bytes in the data payload. For SYN, ACK, and FIN packets, this field should be empty. |
| Window Size | Specify a value for the number of bytes in the TCP window size. |
| Urgent Pointer | Specify a value for the urgent pointer. The value indicates that the data in the packet is urgent; the URG flag must be set to activate this field. |
| URG | When set, the urgent flag indicates that the packet data is urgent. |
| ACK | When set, the acknowledgment flag acknowledges receipt of a packet. |
| PSH | When set, the push flag indicates that the receiver should push all data in the current sequence to the destination application (identified by the port number) without waiting for the remaining packets in the sequence. |
| RST | When set, the reset flag resets the TCP connection, discarding all packets in an existing sequence. |
| SYN | When set, the SYN flag indicates a request for a new session. |
| FIN | When set, the final flag indicates that the packet transfer is complete and the connection can be closed. |
| R1 | This reserved bit (1 of 2) is not used. |
| R2 | This reserved bit (2 of 2) is not used. |

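
To show where the IP and TCP fields in Tables 105 and 106 sit in a raw packet, and how leaving a field blank widens a match, here is an added Python sketch; it is not IDP code and does not reproduce the IDP matching engine. The names `parse_ipv4_tcp`, `header_matches`, `SAMPLE_SYN` and the dictionary keys are hypothetical, and the sample packet is constructed.

```python
import struct

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Extract the IP and TCP header fields named in Tables 105 and 106."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ip_id, frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or len(pkt) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport, seq, ack, off, flags, window, _csum, urg = struct.unpack(
        "!HHIIBBHHH", pkt[ihl:ihl + 20])
    tcp_hlen = (off >> 4) * 4
    fields = {
        "tos": tos, "total_length": total_len, "id": ip_id, "ttl": ttl,
        "protocol": proto,
        "source": ".".join(map(str, pkt[12:16])),
        "destination": ".".join(map(str, pkt[16:20])),
        "reserved_bit": bool(frag & 0x8000),
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "src_port": sport, "dst_port": dport,
        "sequence_number": seq, "ack_number": ack,
        "header_length": tcp_hlen,
        "data_length": total_len - ihl - tcp_hlen,
        "window_size": window, "urgent_pointer": urg,
    }
    # TCP flag bits, least significant first: FIN, SYN, RST, PSH, ACK, URG
    for bit, name in enumerate(("fin", "syn", "rst", "psh", "ack", "urg")):
        fields[name] = bool(flags & (1 << bit))
    return fields

def header_matches(spec: dict, fields: dict) -> bool:
    """A blank (None or absent) spec entry matches any value in that field."""
    return all(fields[k] == v for k, v in spec.items() if v is not None)

# Constructed sample: bare SYN, 192.0.2.10:40000 -> 198.51.100.5:80, TTL 64, DF set.
# Checksums are left at 0 because this sketch does not validate them.
SAMPLE_SYN = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    + struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 0x50, 0x02, 65535, 0, 0)
)

if __name__ == "__main__":
    f = parse_ipv4_tcp(SAMPLE_SYN)
    print(header_matches({"syn": True, "ack": False, "data_length": 0}, f))
    print(header_matches({}, f))
```

An empty specification matches every packet, so each header value you fill in narrows the set of packets that the header check accepts.
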
Table 107 displays packet header fields and flags that you can set for attacks that use the UDP protocol.

Table 107: UDP Header Fields and Flags

| Field | Description |
|---|---|
| Source Port | Specify a value for the port number on the attacking device. |
| Destination Port | Specify a value for the port number of the attack target. |
| Data Length | Specify a value for the number of bytes in the data payload. |

Table 108 displays packet header fields and flags that you can set for attacks that use the ICMP protocol.

Table 108: ICMP Header Fields and Flags

| Field | Description |
|---|---|
| ICMP Type | Specify a value for the primary code that identifies the function of the request or reply packet. |
| ICMP Code | Specify a value for the secondary code that identifies the function of the request or reply packet within a given type. |
| Sequence Number | Specify a value for the sequence number of the packet. This number identifies the location of the request or reply packet in relation to the entire sequence. |
| ICMP ID | Specify a value for the identification number. The identification number is a unique value used by the destination system to associate request and reply packets. |
| Data Length | Specify a value for the number of bytes in the data payload. |