Fortinet Network Device IPS Manual do Utilizador descarregar pdf (Página 31)

Custom signatures Creating custom signatures

FortiGate IPS User Guide Version 3.0 MR7

01-30007-0080-20080916 31

--tcp_flags

<FSRPAU120>[!|*|+]

[,<FSRPAU120>];

Specify the TCP flags to match in a packet.

• S: Match the SYN flag.

• A: Match the ACK flag.

• F: Match the FIN flag.

• R: Match the RST flag.

• U: Match the URG flag.

• P: Match the PSH flag.

• 1: Match Reserved bit 1.

• 2: Match Reserved bit 2.

• 0: Match No TCP flags set.

• +: Match on the specified bits, plus any

others.

• *: Match if any of the specified bits are set.

• !: Match if the specified bits are not set.

The first part if the value (<FSRPAU120>) defines

the bits that must present for a successful match.

For example:

--tcp_flags AP

only matches the case where both A and P bits

are set.

The second part ([,<FSRPAU120>]) is optional,

and defines the additional bits that can present

for a match. For example:

tcp_flags S,12

matches the following combinations of flags: S, S

and 1, S and 2, S and 1 and 2.

The modifiers !, * and + can not be used in the

second part.

--window_size

[!]<window_int>;

Check for the specified TCP window size.

You can specify the window size as a

hexadecimal or decimal integer. A hexadecimal

value must be preceded by 0x.

To have the FortiGate search for the absence of

the specified window size, add an exclamation

mark (!) before the window size.

Table 6: TCP header keywords (Continued)

Keyword and Value Description

1 2 ... 26 27 28 29 30 31 32 33 34 35 36 ... 61 62

Comentários a estes Manuais

Sem comentários

Fortinet Network Device IPS Manual do Utilizador Página 31

Comentários a estes Manuais

Manuais e produtos relacionados com Hardware Fortinet Network Device IPS