Custom signatures | Creating custom signatures
Table 5: IP header keywords
| Keyword and Value | Description |
|---|---|
| dst_addr | The destination IP address.<br>To have the FortiGate search for a packet that does not contain the specified address, add an exclamation mark (!) before the IP address.<br>You can define up to 28 IP addresses or CIDR blocks. Enclose the comma-separated list in square brackets.<br>Example:<br>• dst_addr [172.20.0.0/16,10.1.0.0/16,192.168.0.0/16] |
| | Check the IP ID field for the specified value. |
| ip_option {rr eol nop ts sec lsrr ssrr satid any}; | Use the ip_option keyword to check various IP option settings. The available options include:<br>• rr: Check if IP RR (record route) option is present.<br>• eol: Check if IP EOL (end of list) option is present.<br>• nop: Check if IP NOP (no op) option is present.<br>• ts: Check if IP TS (time stamp) option is present.<br>• sec: Check if IP SEC (IP security) option is present.<br>• lsrr: Check if IP LSRR (loose source routing) option is present.<br>• ssrr: Check if IP SSRR (strict source routing) option is present.<br>• satid: Check if IP SATID (stream identifier) option is present.<br>• any: Check if any IP option is present. |
| | Check the IP TOS field for the specified value. |
| | Check the IP [...] specified value. Optionally, you can check for an IP [...] specified value with the appropriate symbol. |
| {<protocol_int> tcp udp icmp}; | Check the IP protocol header.<br>Example: |
| src_addr | The source IP address.<br>To have the FortiGate search for a packet that does not contain the specified address, add an exclamation mark (!) before the IP address.<br>You can define up to 28 IP addresses or CIDR blocks. Enclose the comma-separated list in square brackets.<br>Example:<br>• src_addr 192.168.13.0/24 |
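To check which ip_option value a captured packet would satisfy before writing a signature, the following added example (not from the FortiGate guide, and not FortiGate's matching engine) walks the options area of an IPv4 header and reports the Table 5 option names it finds. The option type numbers are the RFC 791 assignments; the function names and the sample header are constructed for illustration, and treating NOP/EOL padding as a present option is an assumption.

```python
import struct

# IPv4 option type octets (RFC 791), keyed to the ip_option values in Table 5.
OPTION_NAMES = {0: "eol", 1: "nop", 7: "rr", 68: "ts",
                130: "sec", 131: "lsrr", 136: "satid", 137: "ssrr"}

def ip_options_present(packet: bytes) -> list[str]:
    """Return the Table 5 option names carried in an IPv4 header, in order."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (packet[0] & 0x0F) * 4          # IHL counts 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IHL")
    opts, found, i = packet[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        found.append(OPTION_NAMES.get(kind, f"unknown({kind})"))
        if kind == 0:                            # EOL ends the option list
            break
        if kind == 1:                            # NOP is a single octet
            i += 1
            continue
        # Every other option is type, length, data. Reject lengths that
        # would loop forever or run past the end of the header.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        i += opts[i + 1]
    return found

def matches_ip_option(packet: bytes, value: str) -> bool:
    """Model of an ip_option check as Table 5 describes it (assumption)."""
    present = ip_options_present(packet)
    return bool(present) if value == "any" else value in present

def sample_header() -> bytes:
    """Constructed sample: IHL=7, options NOP + LSRR, checksum left at 0."""
    fixed = struct.pack("!BBHHHBBH4s4s", 0x47, 0, 28, 0x1234, 0, 64, 1, 0,
                        bytes([192, 168, 13, 5]), bytes([10, 1, 0, 9]))
    return fixed + bytes([1, 131, 7, 4, 10, 0, 0, 1])

if __name__ == "__main__":
    print(ip_options_present(sample_header()))
```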
FortiGate IPS User Guide Version 3.0 MR7