User's Manual
Chapter 22 IDP Commands
NXC CLI Reference Guide
22.3.6.1 Search Parameter Tables
Table 87 lists the numeric values that the command line uses for severity, platform and policy type. To combine platforms in a search, add their respective numbers together. For example, to search for signatures for Windows NT, Windows XP and Windows 2000 computers, type “12” (4 + 8) as the platform parameter.
Table 88 lists the numeric values that the command line uses for service and action. To combine services in a search, add their respective numbers together. For example, to search for signatures for DNS, Finger and FTP services, type “7” (1 + 2 + 4) as the service parameter.
22.3.6.2 Signature Search Example
This example command searches for all signatures in the LAN_IDP profile:
• Containing the text “worm” within the signature name
• With an ID of 12345
• With a very low severity level
• Operating on the Windows NT platform
Table 87 Severity, Platform and Policy Type Command Values
SEVERITY        PLATFORM                POLICY TYPE
1 = Very Low    1 = All                 1 = DoS
2 = Low         2 = Win95/98            2 = Buffer-Overflow
3 = Medium      4 = WinNT               3 = Access-Control
4 = High        8 = WinXP/2000          4 = Scan
5 = Severe      16 = Linux              5 = Backdoor/Trojan
                32 = FreeBSD            6 = Others
                64 = Solaris            7 = P2P
                128 = SGI               8 = IM
                256 = Other-Unix        9 = Virus/Worm
                512 = Network-Device    10 = Porn
                                        11 = Web-Attack
                                        12 = Spam
Table 88 Service and Action Command Values
SERVICE              SERVICE                       ACTION
1 = DNS              65536 = SMTP                  1 = None
2 = FINGER           131072 = SNMP                 2 = Drop
4 = FTP              262144 = SQL                  4 = Reject-sender
8 = MYSQL            524288 = TELNET               8 = Reject-receiver
16 = ICMP            1048576 = TFTP                16 = Reject-both
32 = IM              2097152 = n/a
64 = IMAP            4194304 = WEB_ATTACKS
128 = MISC           8388608 = WEB_CGI
256 = NETBIOS        16777216 = WEB_FRONTPAGE
512 = NNTP           33554432 = WEB_IIS
1024 = ORACLE        67108864 = WEB_MISC
2048 = P2P           134217728 = WEB_PHP
4096 = POP2          268435456 = MISC_BACKDOOR
8192 = POP3          536870912 = MISC_DDOS
16384 = RPC          1073741824 = MISC_EXPLOIT
32768 = RSERVICES
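
The platform and service values in Tables 87 and 88 are powers of two, which is why they can be added together. The following Python sketch is an added example and is not part of this guide or of the NXC CLI. It builds a combined parameter from table names and splits a combined number found in a saved configuration back into names. The function names encode and decode are assumptions.

```python
# Added example. Values are copied from Tables 87 and 88 on this page;
# the function names encode() and decode() are assumptions.
PLATFORM = {1: "All", 2: "Win95/98", 4: "WinNT", 8: "WinXP/2000",
            16: "Linux", 32: "FreeBSD", 64: "Solaris", 128: "SGI",
            256: "Other-Unix", 512: "Network-Device"}

# Table 88 service values are consecutive powers of two starting at 1.
SERVICE_NAMES = ["DNS", "FINGER", "FTP", "MYSQL", "ICMP", "IM", "IMAP",
                 "MISC", "NETBIOS", "NNTP", "ORACLE", "P2P", "POP2", "POP3",
                 "RPC", "RSERVICES", "SMTP", "SNMP", "SQL", "TELNET", "TFTP",
                 "n/a", "WEB_ATTACKS", "WEB_CGI", "WEB_FRONTPAGE", "WEB_IIS",
                 "WEB_MISC", "WEB_PHP", "MISC_BACKDOOR", "MISC_DDOS",
                 "MISC_EXPLOIT"]
SERVICE = {1 << i: name for i, name in enumerate(SERVICE_NAMES)}


def encode(table, names):
    """Return the number to type for a set of table names."""
    by_name = {name.lower(): value for value, name in table.items()}
    total = 0
    for name in names:
        if name.lower() not in by_name:
            raise ValueError(f"not in table: {name!r}")
        # Each value is a distinct power of two, so OR gives the same result
        # as adding the numbers and does not double-count a repeated name.
        total |= by_name[name.lower()]
    return total


def decode(table, value):
    """Return the table names a combined number stands for."""
    if value <= 0:
        raise ValueError("value must be a positive integer")
    names = [name for bit, name in sorted(table.items()) if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        raise ValueError(f"{leftover} does not map to any table entry")
    return names


if __name__ == "__main__":
    print(encode(PLATFORM, ["WinNT", "WinXP/2000"]))   # platform example
    print(encode(SERVICE, ["DNS", "Finger", "FTP"]))   # service example
    print(decode(SERVICE, 37748736))
```

Severity and policy type are single values rather than sums, so they are left out of the example.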