Symantec 10521146 Administration Guide - Page 182
Any Payload Offset, and Destination Port
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 182 highlights
182 Detecting Configuring signature detection ■ In Protocol, enter a protocol from the pull-down list. ■ In Transit Type, which is active if you chose IP_OTHER from the Protocol pull-down list, enter a transit type from the pull-down list. 3 Click Next to proceed. 4 In Signature Description, enter optional notes, and click Next. 5 In User-defined Signature or Edit User-defined Signature, provide information for the following fields: ■ In Source IP, Source Port, Destination IP, and Destination Port, enter this information from the pull-down lists. ■ If Transit Type is TCP, in Match Type, click one of the following: -Click Stream to create a stream-based signature. -Click Packet to create a packet-based signature. Note that if you select anything other than TCP for Transit Type, Match Type is disabled. ■ In Direction, click server-bound or client-bound from the pull-down list. ■ In Encoding, enter the information from the pull-down list and click Next. 6 In User-defined Signature or Edit User-defined Signature, click Add and do one of the following: ■ Click Any Payload Offset, or specify a specific payload offset value. ■ In Regular Expression, enter a regular expression, and click OK. You can use default or user-defined Signature Variables in this expression. See "Adding new signature variables" on page 184. 7 If you return to User-defined Signature or Edit User-defined Signature, you can do the following: ■ Click Preview Signature to view a text file version. ■ Click Back to return to a previous step and change it. ■ Click Finish to save and close. ■ Click Cancel to exit without saving your work. 8 In User-defined Signatures, click Apply. Note: Expect a short delay before the signature is available to use. 9 After synchronization, reapply the edited signatures to the appropriate monitoring interfaces for the changes to take effect. See "Setting policies to interfaces" on page 115.