Force10 Networks 100-00055-01 manual Pnic-Compiler Option

Figure 36 pnic-Compiler Option 6-7

Channel 1 Dynamic rules

Please choose how many dynamic rules (5-20 recommended) Dynamic rules are rules that can be added without recompiling the firmware. They can be added at runtime through the UI Dynamic rules only work for Ipv4 traffic for now

2)2 6) 30 10) 70 14) 120 18) 200 22) 280 26) 360

3)5 7) 40 11) 80 15) 140 19) 220 23) 300 27) 380

4)10 8) 50 12) 90 16) 160 20) 240 24) 320 28) 400 #? 5

Do you want to include the default meta rules? alert tcp any any -> any any (msg:"Z SYN"; flags:S,12; S:1; R:2; C:3;) alert tcp any any -> any any (msg:"Z SYNACK"; flags:SA; S:1; R:2; C:5;)

alert tcp any any -> any any (msg:"Z TCP within was issued previously for this flow = capture flow"; S:32; R:2; C:32;) alert udp any any -> any any (msg:"Z UDP within was issued previously for this stream = capture stream"; S:64; R:2; C:64;) alert tcp any any -> any any (msg:"Z SAPU TCP Flags"; flags:SAPU;)

alert tcp any any -> any any (msg:"Z FU TCP Flags"; flags:FU;) alert tcp any any -> any any (msg:"Z PF TCP Flags"; flags:PF;) alert tcp any any -> any any (msg:"Z UP TCP Flags"; flags:UP;) alert tcp any any -> any any (msg:"Z Zero TCP Flags"; flags:0;)

1)Yes

2)No

#? 1

Do you want to include the segmentation evasion rules?

alert tcp any any -> any any (msg:"Z Evasion: State 2 Fragment of size 1 "; dsize: 1; S:4; R:1; C:16;)

alert tcp any any -> any any (msg:"Z Evasion: State 1 First fragment of size 0 <> 10 = state 1"; dsize: 0 <> 20; S:4; R:1; C:8;)

alert tcp any any -> any any (msg:"Z Evasion: State 2 Second fragment of size 0 <> 10 = capture flow"; dsize: 0 <> 20; S:8; R:1; C:16;)

alert tcp any any -> any any (msg:"Z Evasion: State 3 Capture flow fragments of size 0 <> 10"; dsize: 0 <> 100; S:16; R:2; C:17;) 1) Yes

2) No #? 1