Fortinet Network Device IPS User Manual

FortiGate IPS User Guide Version 3.0 MR7

32

01-30007-0080-20080916

Creating custom signatures

Custom signatures

Table 7: UDP header keywords

Keyword and Value

Description

--dst_port [!]{ |
: | : |
:};

The destination port number.
You can specify a single port or port range:
•

is a single port.

•

: includes the specified port and
all lower numbered ports.

•

: includes the specified port and
all higher numbered ports.

•

: includes the two
specified ports and all ports in between.

--src_port [!]{ |
: | : |
:};

The source port number.
You can specify a single port or port range:
•

is a single port.

•

: includes the specified port and
all lower numbered ports.

•

: includes the specified port and
all higher numbered ports.

•

: includes the two
specified ports and all ports in between.

Table 8: ICMP keywords

Keyword and Value

Usage

--icmp_code ;

Specify the ICMP code to match.

--icmp_id ;

Check for the specified ICMP ID value.

--icmp_seq ;

Check for the specified ICMP sequence value.

--icmp_type ;

Specify the ICMP type to match.

Table 9: Other keywords

Keyword and Value

Description

--data_size { |
< | > |
<>};

Test the packet payload size. With data_size

specified, packet reassembly is turned off

automatically. So a signature with data_size

and only_stream values set is wrong.
•

is a particular packet size.

•

< is a packet smaller than the
specified size.

•

> is a packet larger than the
specified size.

•

<> within the
range between the specified sizes.

--data_at [,
relative];

Verify that the payload has data at a specified

offset, optionally looking for data relative to the

end of the previous content match.