-- ----------------------------------------------------------------------------- -- MIB NAME : DoS Prevention Common mib -- FILE NAME: DOSprev.mib -- DATE : 2011/02/21 -- VERSION : 2.06 -- PURPOSE : To construct the MIB structure for DoS Prevention feature -- for proprietary enterprise -- ----------------------------------------------------------------------------- -- MODIFICATION HISTORY: -- ----------------------------------------------------------------------------- -- Version, Date, Author -- Description: -- [New Object] -- [Modification] -- Notes: (Requested by who and which project) -- ----------------------------------------------------------------------------- -- Version 2.06, 2011/02/21, Randy Xie -- [New Object] -- Add swDoSFunctionVersion -- Notes: display the function version -- ----------------------------------------------------------------------------- -- Version 2.05, 2011/01/24, Randy -- [New Object] -- 1. Add swDoSLogState and swDoSTrapState to configure the DoS trap and Log state. -- [Modification] -- 1. Add new DoS type in swDoSClearCounters: -- arp-mac-sa-mismatch(10), -- fraggle-attack(11), -- icmp-redirect-attack(12), -- icmp-unreachable-attack(13), -- ip-route-record-attac(14), -- ip-source-route-attack(15), -- ping-death-attack(16), -- tcp-flag-synrst(17), -- tcp-over-mac-mcbc(18), -- tcp-syn-with-data(19), -- tcp-tiny-frag-attack(20), -- tcpudp-port-zero(21), -- tracert-attack(22), -- winnuke-attack (23). -- 2. Add new DoS type in swDoSCtrlType: -- arp-mac-sa-mismatch(10), -- fraggle-attack(11), -- icmp-redirect-attack(12), -- icmp-unreachable-attack(13), -- ip-route-record-attac(14), -- ip-source-route-attack(15), -- ping-death-attack(16), -- tcp-flag-synrst(17), -- tcp-over-mac-mcbc(18), -- tcp-syn-with-data(19), -- tcp-tiny-frag-attack(20), -- tcpudp-port-zero(21), -- tracert-attack(22), -- winnuke-attack (23). -- 3. Modifiy the description of swDoSAttackDetected. -- ----------------------------------------------------------------------------- -- Version 2.04, 2008/09/18, Marco -- rename *DOS* to *DoS* -- modify description for swDOSCtrl* objects -- ----------------------------------------------------------------------------- -- Version 2.03, 2008/09/05, Marco -- rename swDOSDOSAttackDetected to swDOSAttackDetected -- ----------------------------------------------------------------------------- -- Version 2.02, 2008/08/13, Peter Hsieh -- Remove swDOSNotifyVarMacAddr object for DoS trap -- Notes: Requested by Customer -- ----------------------------------------------------------------------------- -- Version 2.01, 2008/03/24, Peter Hsieh -- Add swDOSNotify swDOSNotifyPrefix swDOSDOSAttackDetected -- swDOSNotifyVarBindings swDOSNotifyVarIpAddr swDOSNotifyVarMacAddr -- swDOSNotifyVarPortNumber objects for DoS trap -- Notes: Requested by Suger for project DES30xxp -- ----------------------------------------------------------------------------- -- Version 2.00, 2008/02/29, Marco -- This is the first formal version for universal MIB definition. -- ----------------------------------------------------------------------------- DOS-PREV-MIB DEFINITIONS ::= BEGIN IMPORTS TEXTUAL-CONVENTION FROM SNMPv2-TC MODULE-IDENTITY,OBJECT-TYPE, Unsigned32,Integer32, IpAddress FROM SNMPv2-SMI DisplayString,RowStatus, TruthValue,MacAddress FROM SNMPv2-TC dlink-common-mgmt FROM DLINK-ID-REC-MIB; swDoSMgmtMIB MODULE-IDENTITY LAST-UPDATED "201101240000Z" ORGANIZATION "D-Link Corp." CONTACT-INFO "http://support.dlink.com" DESCRIPTION "The MIB module for configuring the DoS prevention settings of the device." ::= { dlink-common-mgmt 59 } --*************************************************************************** -- swDoSCtrl --*************************************************************************** swDoSCtrl OBJECT IDENTIFIER ::= { swDoSMgmtMIB 1 } swDoSTrapLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), other(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the status of the DoS prevention trap log." ::= { swDoSCtrl 1 } swDoSClearCounters OBJECT-TYPE SYNTAX INTEGER { land-attack(1), blat-attack(2), smurf-attack(3), tcp-null-scan(4), tcp-xmascan(5), tcp-synfin(6), tcp-syn-srcport-less-1024(7), all(8), other(9), arp-mac-sa-mismatch(10), fraggle-attack(11), icmp-redirect-attack(12), icmp-unreachable-attack(13), ip-route-record-attac(14), ip-source-route-attack(15), ping-death-attack(16), tcp-flag-synrst(17), tcp-over-mac-mcbc(18), tcp-syn-with-data(19), tcp-tiny-frag-attack(20), tcpudp-port-zero(21), tracert-attack(22), winnuke-attack (23) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object clears the DoS prevention frame counters." ::= { swDoSCtrl 2 } swDoSCtrlTable OBJECT-TYPE SYNTAX SEQUENCE OF SwDoSCtrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that holds the DoS prevention settings of the device." ::= { swDoSCtrl 3 } swDoSCtrlEntry OBJECT-TYPE SYNTAX SwDoSCtrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of DoS prevention settings of the device." INDEX { swDoSCtrlType } ::= { swDoSCtrlTable 1 } SwDoSCtrlEntry ::= SEQUENCE { swDoSCtrlType INTEGER, swDoSCtrlState INTEGER, swDoSCtrlActionType INTEGER, swDoSCtrlMirrorPort INTEGER, swDoSCtrlMirrorPriority INTEGER, swDoSCtrlMirrorRxRate INTEGER, swDoSCtrlFrameCount INTEGER } swDoSCtrlType OBJECT-TYPE SYNTAX INTEGER { land-attack(1), blat-attack(2), smurf-attack(3), tcp-null-scan(4), tcp-xmascan(5), tcp-synfin(6), tcp-syn-srcport-less-1024(7), arp-mac-sa-mismatch(10), fraggle-attack(11), icmp-redirect-attack(12), icmp-unreachable-attack(13), ip-route-record-attac(14), ip-source-route-attack(15), ping-death-attack(16), tcp-flag-synrst(17), tcp-over-mac-mcbc(18), tcp-syn-with-data(19), tcp-tiny-frag-attack(20), tcpudp-port-zero(21), tracert-attack(22), winnuke-attack (23) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the DoS prevention type." ::= { swDoSCtrlEntry 1 } swDoSCtrlState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the status of the DoS prevention type." ::= { swDoSCtrlEntry 2 } swDoSCtrlActionType OBJECT-TYPE SYNTAX INTEGER { drop(1), mirror(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the action for the DoS prevention type. If this object is set to 'mirror' and swDoSCtrlState is set to 'enable', the configuration will not take effect until a valid mirror port is specified. If mirror port is not valid the behavior will be the same as 'drop'" ::= { swDoSCtrlEntry 3 } swDoSCtrlMirrorPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the port to which the attack packet will be forwarded. A value of 0 means that the DoS prevention action type is either not set to 'mirror'. or the 'mirror' DoS action is not active. When swDoSCtrlActionType is set to 'mirror' with swDoSCtrlState set to 'enable', setting this value to a valid port number will activate the 'mirror' DoS action." ::= { swDoSCtrlEntry 4 } swDoSCtrlMirrorPriority OBJECT-TYPE SYNTAX INTEGER (0..8) MAX-ACCESS read-write STATUS current DESCRIPTION "This object configures the priority of the detected packet. Valid priority values are from 0 to 7. The value 8 indicates that there will be no change in the priority of the DoS attack packet as it is forwarded to the mirror port. A valid mirror port must first be specified in order to set this value." ::= { swDoSCtrlEntry 5 } swDoSCtrlMirrorRxRate OBJECT-TYPE SYNTAX INTEGER (0..1024000) MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the rate of reception of DoS attack packets. The valid values are 64 to 1024000. A value of 0 indicates that the rate has no limit. The default value is 0. A valid mirror port must first be specified in order to set this value." ::= { swDoSCtrlEntry 6 } swDoSCtrlFrameCount OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of frames detected under the DoS prevention type. A valid mirror port must first be specified in order to set this value." ::= { swDoSCtrlEntry 7 } swDoSTrapState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the status of the DoS prevention trap." ::= { swDoSCtrl 4 } swDoSLogState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the status of the DoS prevention log." ::= { swDoSCtrl 5 } swDoSFunctionVersion OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the function version." ::= { swDoSCtrl 6 } --*************************************************************************** -- swDoSNotify --*************************************************************************** swDoSNotify OBJECT IDENTIFIER ::= { swDoSMgmtMIB 4 } swDoSNotifyPrefix OBJECT IDENTIFIER ::= { swDoSNotify 0 } swDoSAttackDetected NOTIFICATION-TYPE OBJECTS { swDoSCtrlType, swDoSNotifyVarIpAddr, swDoSNotifyVarPortNumber } STATUS current DESCRIPTION "This trap is sent when the specific DoS packet is received and trap is enabled." ::= { swDoSNotifyPrefix 1 } swDoSNotifyVarBindings OBJECT IDENTIFIER ::= { swDoSNotify 1 } swDoSNotifyVarIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "If the DoS packet is from the end station, represent the IP address of attacker; otherwise represent the router's IP" ::={swDoSNotifyVarBindings 1} swDoSNotifyVarPortNumber OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This object indicates the attacked portNum with a string, For example, if the device is in standalone mode, and the port number is 23, the string should be 23. If the device is in stack mode, and the unit ID is 2, and the port number is 3, the string should be 2:3." ::={swDoSNotifyVarBindings 2} END