I am stuck at a point with the configuration of a custom-attack signature in Junos. According to the Junos Custom Attack Definition documentation page, I can set up a custom attack based upon a signature in the packet. In the documentation you can specify a "pattern" to match, but it fails to describe what the pattern syntax should be. Particularly, I want to match the HEX values of
8C 00 13 00
in the first four bytes of the TCP data payload. Does anyone know how to accomplish this correctly?
You could look at other patterns on the default attack objects with the command
show log /var/db/idpd/sec-download/SignatureUpdate.xml
Here are a few hexadecimal examples:
<Pattern><![CDATA[.*\xeb 2c 5b 89 d9 80 c1 06 39 d9 7c 07 80 01\x.*]]></Pattern>
<Pattern><![CDATA[.*\xffff ff2f 4249 4e2f 5348 00\x.*]]></Pattern>
<Pattern><![CDATA[.*\x7FFF FB78 7FFF FB78 7FFF FB78 7FFF FB78\x.*\x408A FFC8 4082 FFD8 3B36 FE03 3B76 FE02\x.*]]></Pattern>
<Pattern><![CDATA[.*\xeb23 5e33 c088 46fa 8946 f589 36\x.*]]></Pattern>
So your pattern should be:
<Pattern><![CDATA[.*\x8C 00 13 00\x.*]]></Pattern>
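An added example, not part of the original answer and not Juniper code: a Python sketch for checking a pattern of this shape offline against sample payload bytes. It assumes the `\x ... \x` delimiters seen in the patterns above wrap space-separated hex bytes, that the rest of the pattern is ordinary regex, and that a pattern must cover the whole inspected buffer; the function names and sample payloads are constructed.

```python
import re

# Constructed sample shaped like the <Pattern> entries quoted in the answer.
SAMPLE_XML = r"""<Attacks>
<Pattern><![CDATA[.*\xeb23 5e33 c088 46fa 8946 f589 36\x.*]]></Pattern>
<Pattern><![CDATA[.*\x8C 00 13 00\x.*]]></Pattern>
</Attacks>"""

PATTERN_TAG = re.compile(r"<Pattern><!\[CDATA\[(.*?)\]\]></Pattern>", re.S)
# Assumption: \x ... \x wraps a run of hex digits, whitespace is cosmetic.
HEX_RUN = re.compile(r"\\x([0-9A-Fa-f\s]+)\\x")


def extract_patterns(xml_text):
    """Return the raw pattern strings found in signature XML."""
    return PATTERN_TAG.findall(xml_text)


def to_python_regex(pattern):
    """Translate a \\x..\\x style pattern into a compiled bytes regex."""
    parts = HEX_RUN.split(pattern)  # odd indexes hold the hex runs
    out = b""
    for i, part in enumerate(parts):
        if i % 2:
            out += re.escape(bytes.fromhex(part))
        else:
            out += part.encode("latin-1")  # kept as regex text
    return re.compile(out, re.S)


def matches(pattern, payload):
    """Assumption: the pattern has to cover the whole inspected buffer."""
    return to_python_regex(pattern).fullmatch(payload) is not None


if __name__ == "__main__":
    at_start = bytes.fromhex("8c001300") + b"rest of payload"   # constructed
    later = b"AAAA" + bytes.fromhex("8c001300")                 # constructed
    for pat in extract_patterns(SAMPLE_XML) + [r"\x8C 00 13 00\x.*"]:
        print(pat, matches(pat, at_start), matches(pat, later))
```

Under these assumptions, a pattern with a leading `.*` also matches when the four bytes appear later in the payload, while the variant without it matches only at offset 0. The device's own matching rules may differ from this model, so confirm the result there.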