sig 993

c.alejandra
Level 1

In regards to the line-card module: IDSM 3.

What does sig 993 quantify specifically when it is reached and 1 packet is missed, and then when 100% of the packets are missed?

By quantify, I mean, specific numbers in relation to line-card overhead or cpu processing, e.g. 89%.

What regex engine type is used within the code base-3?

What metacharacters are supported, and is there an efficiency ratio being used in the IDSM team to rate the impact of a regex string on the processing overhead?

Is there a way to perform process-tracking?

2 Replies

hadbou
Level 5

The regex string uses a STRING.HTTP engine. For the parameters used by this engine, use the URL given below.

http://www.cisco.com/en/US/products/sw/secursw/ps2113/prod_technical_reference09186a00800eea84.html#xtocid2286720

I did not include it, but was referring to idsm code base-3. The link describes ids code base-3 signature engines. Within the idsm code base-3, user manual input regex may supplement one of the four types of signatures, specifically string signatures. In respect to my question, I need to know what regex engine it is modelled after (standard) and what metacharacters are supported. I would like to determine what the impact on the processing overhead is in order to assign a metric. I have found that the line card reportedly capable of up to 120 Mbps would not handle a single string of 100 bytes on a T1 at 60% capacity of which a fraction was of correlative interest to the string. This leads me to question whether there are quantitative metrics available to gauge the line card signature efficiency, and also leads to wondering whether there is supported process tracking available through the sensor (line-card or appliance).