Tag Elements Beginning with S > <signature> (configuration/security/idp/custom-attack/
attack-type/chain/member/attack-type)

Usage

<configuration>
    <security>
        <idp>
            <custom-attack>
                <attack-type>
                    <chain>
                        <member>
                            <attack-type>
                                <signature>
                                    <context>context</context> <!-- mandatory -->
                                    <pattern>pattern</pattern>
                                    <regexp>regexp</regexp>
                                    <negate/>
                                    <direction>direction-choice</direction> <!-- mandatory -->
                                    <shellcode>shellcode-choice</shellcode>
                                    <protocol>...</protocol>
                                </signature>
                            </attack-type>
                        </member>
                    </chain>
                </attack-type>
            </custom-attack>
        </idp>
    </security>
</configuration>

Description

Signature based attack.

Contents

<context>—Context.

<direction>—Connection direction of the attack.

• any—Any direction.
• client-to-server—Client to Server.
• server-to-client—Server to Client.

<negate>—Trigger the attack if condition is not met.

<pattern>—Pattern is the signature of the attack you want to detect.

<protocol>—Protocol header matches.

<regexp>—Regular expression used for matching repetition of patterns.

<shellcode>—Specify shellcode flag for this attack.

• all—Detect shellcode for both intel and sparc platforms.
• intel—Detect shellcode for intel platforms.
• no-shellcode—Do not detect shellcode.
• sparc—Detect shellcode for sparc platforms.