Appendix A

Cisco IDS Sensor Signatures

IP Signatures 1000 Series

The 1000 series signatures examine IP options, IP fragmentation, and bad IP packets. IP headers are examined for correct IP options and fire alarms based on the content of the IP header. If the data contained within the IP header does not meet the requirements for IP headers these signatures fire an alarm. IP fragmentation signatures examine the fragments of a packet for suspicious activity. Bad IP packets focus on invalid or crafted packets.

■ 1001-IP Options-Record Packet Route: This signature fires when an IP datagram is received with the IP option 7, Record Packet Route, set in the datagram.

■ 1002-IP Options-Timestamp: This signature fires when an IP datagram is received with the ...

Get Cisco Security Professional's Guide to Secure Intrusion Detection Systems now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Cisco Security Professional's Guide to Secure Intrusion Detection Systems by Syngress

Cisco IDS Sensor Signatures

IP Signatures 1000 Series

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly