Tag Elements Beginning with S
<signature> (configuration/security/idp/custom-attack/attack-type)
Usage
<configuration>
  <security>
    <idp>
      <custom-attack>
        <attack-type>
          <signature>
            <protocol-binding>...</protocol-binding>
            <context>context</context> <!-- mandatory -->
            <pattern>pattern</pattern>
            <regexp>regexp</regexp>
            <negate/>
            <direction>direction-choice</direction> <!-- mandatory -->
            <shellcode>shellcode-choice</shellcode>
            <protocol>...</protocol>
          </signature>
        </attack-type>
      </custom-attack>
    </idp>
  </security>
</configuration>
Description
Signature-based attack.
Contents
<context>—Context.
<direction>—Connection direction of the attack.
  - any—Any direction.
  - client-to-server—Client to server.
  - server-to-client—Server to client.
<negate>—Trigger the attack if the condition is not met.
<pattern>—Pattern is the signature of the attack you want to detect.
<protocol>—Protocol header matches.
<protocol-binding>—Protocol binding over which the attack will be detected.
<regexp>—Regular expression used for matching repetition of patterns.
<shellcode>—Specify the shellcode flag for this attack.
  - all—Detect shellcode for both Intel and SPARC platforms.
  - intel—Detect shellcode for Intel platforms.
  - no-shellcode—Do not detect shellcode.
  - sparc—Detect shellcode for SPARC platforms.
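
One way to check <signature> stanzas against the constraints listed above before loading them onto a device. This is an added example, not part of the original reference or of any Juniper tooling; lint_signatures, the sample document and its placeholder context and pattern values are hypothetical.

```python
import xml.etree.ElementTree as ET
# Constraints below come from the reference entry above.
MANDATORY = ("context", "direction")
ALLOWED = {
    "direction": {"any", "client-to-server", "server-to-client"},
    "shellcode": {"all", "intel", "no-shellcode", "sparc"},
}
KNOWN_CHILDREN = {"protocol-binding", "context", "pattern", "regexp",
                  "negate", "direction", "shellcode", "protocol"}
SIGNATURE_PATH = "security/idp/custom-attack/attack-type/signature"

# Constructed sample; context and pattern values are placeholders.
SAMPLE = """
<configuration><security><idp>
  <custom-attack><attack-type><signature>
    <context>CONTEXT-PLACEHOLDER</context>
    <pattern>PATTERN-PLACEHOLDER</pattern>
    <direction>client-to-server</direction>
    <shellcode>no-shellcode</shellcode>
  </signature></attack-type></custom-attack>
  <custom-attack><attack-type><signature>
    <pattern>PATTERN-PLACEHOLDER</pattern>
    <direction>inbound</direction>
    <shellcode>x86</shellcode>
  </signature></attack-type></custom-attack>
</idp></security></configuration>
"""


def lint_signatures(xml_text):
    """Return (signature_index, message) findings for each <signature>."""
    root = ET.fromstring(xml_text)
    findings = []
    for idx, sig in enumerate(root.findall(SIGNATURE_PATH), start=1):
        values = {c.tag: (c.text or "").strip() for c in sig}
        for tag in MANDATORY:
            if not values.get(tag):
                findings.append((idx, f"missing mandatory <{tag}>"))
        for tag, allowed in ALLOWED.items():
            if values.get(tag) and values[tag] not in allowed:
                findings.append((idx, f"<{tag}> value {values[tag]!r} is not one of {sorted(allowed)}"))
        for tag in values:
            if tag not in KNOWN_CHILDREN:
                findings.append((idx, f"unexpected child <{tag}>"))
    return findings

if __name__ == "__main__":
    for idx, message in lint_signatures(SAMPLE):
        print(f"signature #{idx}: {message}")
```

The first constructed signature passes; the second is reported for its missing <context> and for direction and shellcode values outside the documented choices.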