TomerDi1987
Visitor III
October 5, 2022
Question

custom ips signature


Hi,

I want to use the IPS engine to block UDP traffic that doesn't match a specific byte in the payload.

I send UDP data between two PCs; the data payload in bytes is "74 65 73 74 74 65 73 74".

I want the IPS engine to check whether "73" is in byte number 3. How can I do it?

I tried this, but it's not working:

F-SBID( --name "test"; --protocol udp; --pattern !"|73|"; --data_at 3,relative; --within 1,match;)

3 replies

Anthony_E
Staff
October 9, 2022

Hello TomerDi1987,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Best Regards
TomerDi1987
Visitor III
October 11, 2022

Hi Anthony,

Thanks. I still didn't find the solution for this.

Hope to hear from you soon.

Anthony_E
Staff
October 11, 2022

Hello,

Count on us to find an answer to your question as soon as possible.

Regards,

Best Regards
Anthony_E
Staff
October 11, 2022

Hello,

I have found this guide:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/f21167b4-200c-11e9-b6f6-f8bc1258b856/Custom_IPS_and_Application_Control_Signature-3.6-Syntax_Guide.pdf

Could you please have a look and tell me if you find something interesting? :)

Regards,

Best Regards