Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
900
Using Application Layer Preprocessors
Decoding the Session Initiation Protocol
Chapter 23
Methods to Check
Specifies SIP methods to detect. You can specify any of the following
currently defined SIP methods:
ack, benotify, bye, cancel, do, info, invite, join, message,
notify, options, prack, publish, quath, refer, register,
service, sprack, subscribe, unsubscribe, update
Methods are case-insensitive. The method name can include alphabetic
characters, numbers, and the underscore character. No other special
characters are permitted. Separate multiple methods with commas.
Because new SIP methods might be defined in the future, your configuration
Because new SIP methods might be defined in the future, your configuration
can include an alphabetic string that is not currently defined. The system
supports up to 32 methods, including the 21 currently defined methods and
an additional 11 methods. The system ignores any undefined methods that
you might configure.
Note that, in addition to any methods you specify for this option, the 32 total
Note that, in addition to any methods you specify for this option, the 32 total
methods includes methods specified using the
sip_method
keyword in
intrusion rules. See
on page 1155 for more information.
Maximum Dialogs within a Session
Specifies the maximum number of dialogs allowed within a stream session. If
more dialogs than this number are created, the oldest dialogs are dropped
until the number of dialogs does not exceed the maximum number specified;
an event also triggers when rule 140:27 is enabled.
You can specify an integer from 1 to 4194303.
You can specify an integer from 1 to 4194303.
Maximum Request URI Length
Specifies the maximum number of bytes to allow in the Request-URI header
field. A longer URI triggers an event when rule 140:3 is enabled. The request
URI field indicates the destination path or page for the request.
Maximum Call ID Length
Specifies the maximum number of bytes to allow in the request or response
Call-ID header field. A longer Call-ID triggers an event when rule 140:5 is
enabled. The Call-ID field uniquely identifies the SIP session in requests and
responses.
Maximum Request Name Length
Specifies the maximum number of bytes to allow in the request name, which
is the name of the method specified in the CSeq transaction identifier. A
longer request name triggers an event when rule 140:7 is enabled.