index out of range error while trying to create new custom IPS signature in fortigate

Question

hi there.i want it to monitor the order of the ciphersuites in a TLS client hello  POP3S traffic via a custom ips signature. unfortunately for me i get this error "index out of range " when trying to create the custom rule.here are my custom rule. F-SBID( -name "custom.cipher.suites"; --protocol tcp; --service SSL; --flow from_ client; --parsed_type TLS_V2; --dst_port 995; --seq 1, relative; --pattern "|c0 30 00 9f c0 9f c0 2f 00 9e c0 9e 00 3d 00 35 00 3c 00 2f  00 0a 00 ff|"; --distance 59,packet; --within 1,packet;). join to this post is my pcap screenshot showing what i want to monitor PS: am not sure that my rule is well written, any help regarding this last  one is more than appreciated.

nisrau · Answer

hi there.while trying to troubleshoot the syntax of my custom signature i realize that no matter how tried to shrink it suspecting that maybe  i am using a deprecated option or omitting something, i was getting the same error message: " index out of range" which lead me to think that i am missing something else here not related to the syntaxe.PS: my custom signature of shring it is like: "F-SBID( -name "custom.cipher.suites"; --protocol tcp;  --flow from_client; --dst_port 995; --dst_addr x.x.x.x; )"any help would be greatly appréicated because a mlost.best regards

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded