-- ============================================================================= -- Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P. -- -- Description: -- The file defines a MIB to provide wireless detection service feature. -- Reference: -- Version: V1.7 -- History: -- V1.0 created by shiyang (Richard) -- Initial version 2006-08-20 -- V1.1 2007-05-16 modified by shiyang (Richard) -- Add new objects of hpnicfDot11UnauthorSSIDName and hpnicfDot11WIDSAPID. -- V1.2 2007-06-19 modified by Deepthi -- Changed the hpnicfDot11RogueAPVendorOUI to hpnicfDot11RogueAPVendorName, -- Type : OCTET STRING and the Size list: 1: 3 should be removed. -- Changed the hpnicfDot11RogueStaVendorOUI to hpnicfDot11RogueStaVendorName, -- Type : OCTET STRING and the Size list: 1: 3 should be removed. -- Changed the field hpnicfDot11DetectMaxAPSigStrength in -- hpnicfDot11WIDSRogueAPExtTable to hpnicfDot11DetectCurAPSigStrength to -- hpnicfDot11DetectCurAPSigStrength -- Changed the field hpnicfDot11DetectMaxStaSigStrength -- HpnicfDot11WIDSRogueStaExtEntry in hpnicfDot11WIDSRogueStaExtTable to -- hpnicfDot11DetectCurStaSigStrength -- Add new node hpnicfDot11WIDSPermitVendorName in -- hpnicfDot11WIDSPermitVendorEntry -- Remove the field Country Spec(2), ChannelSpec(3) in -- hpnicfDot11WIDSGlobalConfigGroup in hpnicfDot11WIDSScanMode. -- Obsolete the node hpnicfDot11WIDSScanChannelList in -- hpnicfDot11WIDSGlobalConfigGroup -- Add the node hpnicfDot11WIDSScanType to hpnicfDot11WIDSGlobalConfigGroup -- V1.3 2008-07-25 modified by heziqi -- Add new node hpnicfDot11CntMsrEnable, hpnicfDot11CntMsrMode, -- hpnicfDot11DevAgingTime, hpnicfDot11DynBlkListEnable, -- hpnicfDot11DynBlkListLifeTime, hpnicfDot11FloodAtkDctEnable, -- hpnicfDot11SpoofAtkDctEnable, hpnicfDot11WeakIVAtkDctEnable, -- hpnicfDot11ResetWIDSRogueHistory, hpnicfDot11ResetWIDSHistroy, -- hpnicfDot11ResetWIDSStatistics, hpnicfDot11ResetAllDynBlkList, -- hpnicfDot11ResetAllStcBlkList, hpnicfDot11ResetAllWhtBlkList, -- hpnicfDot11ResetAllDctRogueAP, hpnicfDot11ResetAllDctRogueSta, -- hpnicfDot11ResetAllDctAdhoc, hpnicfDot11ResetAllDctDevice, -- hpnicfDot11ResetAllDctSSID in hpnicfDot11WIDSGlobalConfigGroup. -- Add new node hpnicfDot11PermitSSIDDetected -- in hpnicfDot11WIDSPermitSSIDTable. -- Add new node hpnicfDot11IgnoreMACDetected, hpnicfDot11IgnoreDevType -- in hpnicfDot11WIDSIgnoreListTable. -- Add new table hpnicfDot11StaticWhiteListTable, -- hpnicfDot11StaticBlackListTable, hpnicfDot11WIDSRogueAPTable, -- hpnicfDot11WIDSRogueStaTable, hpnicfDot11WIDSDetectedDevTable, -- hpnicfDot11WIDSRptAPTable, hpnicfDot11DynBlackListTable, -- hpnicfDot11WIDSRogueHistoryTable, hpnicfDot11WIDSAtkHistroyTable -- in hpnicfDot11WIDSDetectGroup. -- Add hpnicfDot11WIDSAtkStatis in hpnicfDot11WIDSDetectGroup. -- Add notification hpnicfDot11WIDSDetectAttack and -- hpnicfDot11WIDSDetectWBridge. -- V1.4 2009-05-07 modified by Li Yugang, Wang Shaojie, Sun Shuai -- Add hpnicfDot11WidsFloodInterval, hpnicfDot11WidsBlackListThreshold, -- hpnicfDot11SSIDFilterOnOff, hpnicfDot11BSSIDFilterOnOff to -- hpnicfDot11WIDSGlobalConfigGroup. -- Add hpnicfDot11WIDSPermitBSSIDTable to hpnicfDot11WIDSConfigGroup. -- Add hpnicfDot11WIDSFloodTrap, hpnicfDot11WIDSSpoofTrap, -- hpnicfDot11WIDSWeakIVTrap to hpnicfDot11WIDSTraps. -- Add hpnicfDot11MonitorAPID,hpnicfDot11MonitorApRadioID, -- hpnicfDot11WIDSAtkMac, hpnicfDot11WIDSAtkFrameType -- to hpnicfDot11WIDSTrapVarObjects. -- V1.5 2009-07-29 modified by heziqi -- Add new node hpnicfDot11WIDSDevSnr for hpnicfDot11WIDSDetectedDevTable. -- V1.6 2010-01-07 modified by Wang Shaojie -- Add new node hpnicfDot11RogueAPFirstDetectTmStr, -- hpnicfDot11RogueAPLastDetectTmStr to hpnicfDot11WIDSRogueAPTable -- Add new node hpnicfDot11RogueStaFirstDetectTmStr, -- hpnicfDot11RogueStaLastDetectTmStr to hpnicfDot11WIDSRogueStaTable -- Add hpnicfDot11WIDSAtkChannel, hpnicfDot11WIDSAtkTime, -- hpnicfDot11WIDSAtkDestMac to hpnicfDot11WIDSTrapVarObjects. -- 2010-03-18 Modified by Deng Gaoliang -- Add hpnicfDot11BlackListTable -- 2010-05-31 Modified by LiuChen -- Add new node hpnicfDot11DynBlackListTimeTicks to -- hpnicfDot11DynBlackListTable. -- Add new node hpnicfDot11BlackListTimeTicks to -- hpnicfDot11BlackListTable. -- V1.7 2011-10-28 modified by jiaolibin -- Add hpnicfDot11WIDSFirstTrapTime to hpnicfDot11WIDSTrapVarObjects and -- varialbe bingings hpnicfDot11WIDSFirstTrapTime for hpnicfDot11WIDSFloodTrap, -- hpnicfDot11WIDSSpoofTrap,hpnicfDot11WIDSWeakIVTrap. -- ============================================================================= HPN-ICF-DOT11-WIDS-MIB DEFINITIONS ::= BEGIN IMPORTS TruthValue, MacAddress, RowStatus, DateAndTime, TEXTUAL-CONVENTION FROM SNMPv2-TC MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32, Unsigned32, TimeTicks FROM SNMPv2-SMI hpnicfDot11, HpnicfDot11SSIDStringType, HpnicfDot11ChannelScopeType, HpnicfDot11RadioScopeType, HpnicfDot11ObjectIDType, HpnicfDot11RadioType FROM HPN-ICF-DOT11-REF-MIB; hpnicfDot11WIDS MODULE-IDENTITY LAST-UPDATED "201005311800Z" -- May 31, 2010 at 18:00 GMT ORGANIZATION "" CONTACT-INFO "" DESCRIPTION "This MIB provides information about WIDS feature. GLOSSARY Wireless Intrusion Detection Sensor (WIDS) WIDS is designed to be employed in an area that is serviced by an existing wireless network. It aids in the early detection of malicious outsider attacks and intrusions via wireless networks. Rogue AP A rogue access point is any Wi-Fi access point connected to the network without authorization. As it is not authorized, if there is any weakness in the AP, the hacker will have chance to compromise the network. Rogue Station It is similiar to Rogue AP, while it is a station. Monitor AP An AP will scan or listen to the air, and try to detect wireless attack in the network. Some AP products will work only in monitor role, while some AP products could switch between normal AP role (only provide wireless access service)and monitor AP role. Ad Hoc Mode Station could work under Ad hoc mode, then they could directly do peer-to-peer communication without other device support." REVISION "201005311800Z" -- May 31, 2010 at 18:00 GMT DESCRIPTION "Modified to add new nodes." REVISION "200907291800Z" -- Jul 29, 2009 at 18:00 GMT DESCRIPTION "Modified to add new nodes." REVISION "200905072000Z" -- May 7, 2009 at 20:00 GMT DESCRIPTION "Add new nodes and table to support new featrues of WIDS." REVISION "200807251900Z" -- July 23, 2008 at 19:00 GMT DESCRIPTION "Add new nodes to support new featrues of WIDS." REVISION "200706191900Z" -- June 19, 2007 at 19:00 GMT DESCRIPTION "To fix bugs in the MIB file." REVISION "200705161900Z" -- May 16, 2007 at 19:00 GMT DESCRIPTION "To fix bugs in the MIB file." REVISION "200608201900Z" -- August 20, 2006 at 19:00 GMT DESCRIPTION "The initial revision of this MIB module." ::= { hpnicfDot11 5 } -- ================================================================== -- Textual Conventions -- ================================================================== HpnicfDot11WIDSDevType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of device detected." SYNTAX INTEGER { client(1), ap(2), adhoc(3), wirelessBridge(4), unknown(5) } HpnicfDot11WIDSDevPermitType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Represents whether the detected device is permitted or a rogue." SYNTAX INTEGER { permit(1), rogue(2) } HpnicfDot11WIDSAtkType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of attack. This object has following defined values: 'act': Action Frame 'asr': Association Request 'aur': Authentication Request 'daf': Deauthentication Frame 'dar': Disassociation Request 'ndf': Null Data Frame 'pbr': Probe Request 'rar': Reassociation Request 'saf': Spoofed Disassociation Frame 'sdf': Spoofed Deauthentication Frame 'wiv': Weak IV Detected" SYNTAX INTEGER { act(1), asr(2), aur(3), daf(4), dar(5), ndf(6), pbr(7), rar(8), saf(9), sdf(10), wiv(11), unknown(12) } -- ***************************************************************************** -- * Major sections -- ***************************************************************************** -- WIDS Configuration Group -- DEFINED AS "The group to provide the configuration information -- for WIDS." hpnicfDot11WIDSConfigGroup OBJECT IDENTIFIER ::= { hpnicfDot11WIDS 1 } -- The Configuration Group has the following children: hpnicfDot11WIDSGlobalConfigGroup OBJECT IDENTIFIER ::= { hpnicfDot11WIDSConfigGroup 1 } -- hpnicfDot11WIDSPermitVendorTable ::= { hpnicfDot11WIDSConfigGroup 2 } -- hpnicfDot11WIDSPermitSSIDTable ::= { hpnicfDot11WIDSConfigGroup 3 } -- hpnicfDot11WIDSIgnoreListTable ::= { hpnicfDot11WIDSConfigGroup 4 } -- hpnicfDot11WIDSAttackListTable ::= { hpnicfDot11WIDSConfigGroup 5 } -- WIDS detection Group -- DEFINED AS "The group to provide the detection information -- for WIDS." hpnicfDot11WIDSDetectGroup OBJECT IDENTIFIER ::= { hpnicfDot11WIDS 2 } -- The detection Group has the following children: -- hpnicfDot11WIDSRogueAPTable ::= { hpnicfDot11WIDSDetectGroup 1 } -- hpnicfDot11WIDSRogueAPExtTable ::= { hpnicfDot11WIDSDetectGroup 2 } -- hpnicfDot11WIDSRogueStaTable ::= { hpnicfDot11WIDSDetectGroup 3 } -- hpnicfDot11WIDSRogueStaExtTable ::= { hpnicfDot11WIDSDetectGroup 4 } -- WIDS Notification -- DEFINED AS "The notification for WIDS feature." hpnicfDot11WIDSNotifyGroup OBJECT IDENTIFIER ::= { hpnicfDot11WIDS 3 } -- ***************************************************************************** -- * hpnicfDot11WIDSGlobalConfigGroup Definition -- ***************************************************************************** hpnicfDot11WIDSScanMode OBJECT-TYPE SYNTAX INTEGER { all(1), auto(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Represents the scope of channels to be scanned. The following value are supported all(1) - Do scan on all the channels. auto(2) - Do scan for the channels that automatically selected by WIDS." DEFVAL { auto } ::= { hpnicfDot11WIDSGlobalConfigGroup 1 } hpnicfDot11WIDSScanChannelList OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "Represents the channel scope to be scanned when hpnicfDot11WIDSScanMode is configurated as channelSpec mode. Each channel value will be separated by comma character." ::= { hpnicfDot11WIDSGlobalConfigGroup 2 } hpnicfDot11CntMsrMode OBJECT-TYPE SYNTAX BITS { rogue(0), adhoc(1), config(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Represents the countermeasures mode." ::= { hpnicfDot11WIDSGlobalConfigGroup 3 } hpnicfDot11DevAgingTime OBJECT-TYPE SYNTAX Integer32(300..1800) UNITS "second" MAX-ACCESS read-write STATUS current DESCRIPTION "Represents the age time for entries in the detected device table. If an entry is not detected within the interval, it is deleted from the detected device table. If the deleted entry is that of a rogue, it is added into the rogue history table." ::= { hpnicfDot11WIDSGlobalConfigGroup 4 } hpnicfDot11DynBlkListEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the dynamic blacklist feature is enabled or not. 'true' : Enable the dynamic blacklist feature to filter out unwanted clients, which will not get associated. 'false' : Disable the dynamic blacklist feature." ::= { hpnicfDot11WIDSGlobalConfigGroup 5 } hpnicfDot11DynBlkListLifeTime OBJECT-TYPE SYNTAX Integer32(60..3600) UNITS "second" MAX-ACCESS read-write STATUS current DESCRIPTION "Represents the lifetime for dynamic blacklist entries. If a dynamic blacklist entry is not detected within the lifetime, the entry will be removed from the dynamic blacklist. The lifetime becomes active only if dynamic blacklist feature is enabled." ::= { hpnicfDot11WIDSGlobalConfigGroup 6 } hpnicfDot11FloodAtkDctEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether detection of flood attack is enabled or not. 'true' : Enable the detection of flood attack. 'false' : Disable the detection of flood attack." ::= { hpnicfDot11WIDSGlobalConfigGroup 7 } hpnicfDot11SpoofAtkDctEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether detection of Spoof attack is enabled or not. 'true' : Enable the detection of Spoof attack. 'false' : Disable the detection of Spoof attack." ::= { hpnicfDot11WIDSGlobalConfigGroup 8 } hpnicfDot11WeakIVAtkDctEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether detection of weak-iv attack is enabled or not. 'true' : Enable the detection of weak-iv attack. 'false' : Disable the detection of weak-iv attack." ::= { hpnicfDot11WIDSGlobalConfigGroup 9 } hpnicfDot11ResetWIDSRogueHistory OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear all entries from the rogue history table. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 10 } hpnicfDot11ResetWIDSHistroy OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the history information of attacks detected in the WLAN system. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 11 } hpnicfDot11ResetWIDSStatistics OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the statistics of attacks detected in the WLAN system. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 12 } hpnicfDot11ResetAllDynBlkList OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove all entries from the dynamic blacklist. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 13 } hpnicfDot11ResetAllStcBlkList OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove all entries from the static blacklist. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 14 } hpnicfDot11ResetAllWhtBlkList OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove all entries from the static whitelist. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 15 } hpnicfDot11ResetAllDctRogueAP OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected rogue APs. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 16 } hpnicfDot11ResetAllDctRogueSta OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected rogue clients. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 17 } hpnicfDot11ResetAllDctAdhoc OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected ad hoc devices. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 18 } hpnicfDot11ResetAllDctDevice OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected devices. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 19 } hpnicfDot11ResetAllDctSSID OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected SSIDs. It will return false for get operation." ::= { hpnicfDot11WIDSGlobalConfigGroup 20 } hpnicfDot11WidsFloodInterval OBJECT-TYPE SYNTAX Unsigned32 UNITS "second" MAX-ACCESS read-write STATUS current DESCRIPTION "The interval of WIDS flood detection." DEFVAL { 1 } ::= { hpnicfDot11WIDSGlobalConfigGroup 21 } hpnicfDot11WidsBlackListThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "When flood attack exceeds the value of this node, the MAC address will be added into black list." DEFVAL { 100 } ::= { hpnicfDot11WIDSGlobalConfigGroup 22 } hpnicfDot11SSIDFilterOnOff OBJECT-TYPE SYNTAX INTEGER { on(1), off(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the SSID permit feature is enabled or not." DEFVAL { on } ::= { hpnicfDot11WIDSGlobalConfigGroup 23 } hpnicfDot11BSSIDFilterOnOff OBJECT-TYPE SYNTAX INTEGER { on(1), off(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the BSSID permit feature is enabled or not." DEFVAL { on } ::= { hpnicfDot11WIDSGlobalConfigGroup 24 } -- ********************************************************************** -- * End of hpnicfDot11WIDSGlobalConfigGroup Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSPermitVendorTable Definition -- ***************************************************************************** hpnicfDot11WIDSPermitVendorTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSPermitVendorEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the permitted vendor list, and each vendor will be identified by OUI. The legal device should be made by the permitted vendors." ::= { hpnicfDot11WIDSConfigGroup 2 } hpnicfDot11WIDSPermitVendorEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSPermitVendorEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry provides the information of permitted vendor." INDEX { hpnicfDot11VendorOUI } ::= { hpnicfDot11WIDSPermitVendorTable 1 } HpnicfDot11WIDSPermitVendorEntry ::= SEQUENCE { hpnicfDot11VendorOUI OCTET STRING, hpnicfDot11PermitVendorRowStatus RowStatus, hpnicfDot11VendorName OCTET STRING } hpnicfDot11VendorOUI OBJECT-TYPE SYNTAX OCTET STRING(SIZE(3)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the vendor OUI information of the wireless device." ::= { hpnicfDot11WIDSPermitVendorEntry 1 } hpnicfDot11PermitVendorRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { hpnicfDot11WIDSPermitVendorEntry 2 } hpnicfDot11VendorName OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..127)) MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the vendor name of the wireless device." ::= { hpnicfDot11WIDSPermitVendorEntry 3 } -- ***************************************************************************** -- * End of hpnicfDot11WIDSPermitVendorTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSPermitSSIDTable Definition -- ***************************************************************************** hpnicfDot11WIDSPermitSSIDTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSPermitSSIDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the list of SSID could be permitted in the wireless network." ::= { hpnicfDot11WIDSConfigGroup 3 } hpnicfDot11WIDSPermitSSIDEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSPermitSSIDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry provides the information of permitted SSID." INDEX { hpnicfDot11PermitSSID } ::= { hpnicfDot11WIDSPermitSSIDTable 1 } HpnicfDot11WIDSPermitSSIDEntry ::= SEQUENCE { hpnicfDot11PermitSSID HpnicfDot11SSIDStringType, hpnicfDot11PermitSSIDRowStatus RowStatus, hpnicfDot11PermitSSIDDetected TruthValue } hpnicfDot11PermitSSID OBJECT-TYPE SYNTAX HpnicfDot11SSIDStringType(SIZE(0..127)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the permitted SSID in the wireless network." ::= { hpnicfDot11WIDSPermitSSIDEntry 1 } hpnicfDot11PermitSSIDRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { hpnicfDot11WIDSPermitSSIDEntry 2 } hpnicfDot11PermitSSIDDetected OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the permitted SSID is detected or not." ::= { hpnicfDot11WIDSPermitSSIDEntry 3 } -- ***************************************************************************** -- * End of hpnicfDot11WIDSPermitSSIDTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSIgnoreListTable Definition -- ***************************************************************************** hpnicfDot11WIDSIgnoreListTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSIgnoreListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the MAC address list of stations or APs, and WIDS always take them as legal stations or APs." ::= { hpnicfDot11WIDSConfigGroup 4 } hpnicfDot11WIDSIgnoreListEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSIgnoreListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the MAC address of station or AP, and WIDS always take it as legal station or AP." INDEX { hpnicfDot11IgnoreMAC } ::= { hpnicfDot11WIDSIgnoreListTable 1 } HpnicfDot11WIDSIgnoreListEntry ::= SEQUENCE { hpnicfDot11IgnoreMAC MacAddress, hpnicfDot11IgnoreListRowStatus RowStatus, hpnicfDot11IgnoreMACDetected TruthValue, hpnicfDot11IgnoreDevType HpnicfDot11WIDSDevType } hpnicfDot11IgnoreMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of station or AP, and WIDS always take it as legal station or AP." ::= { hpnicfDot11WIDSIgnoreListEntry 1 } hpnicfDot11IgnoreListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { hpnicfDot11WIDSIgnoreListEntry 2 } hpnicfDot11IgnoreMACDetected OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the MAC address detected or not." ::= { hpnicfDot11WIDSIgnoreListEntry 3 } hpnicfDot11IgnoreDevType OBJECT-TYPE SYNTAX HpnicfDot11WIDSDevType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the type of the MAC address detected. The value of this object always is unknown if the MAC address is not detected." ::= { hpnicfDot11WIDSIgnoreListEntry 4 } -- ***************************************************************************** -- * End of hpnicfDot11WIDSIgnoreListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSAttackListTable Definition -- ***************************************************************************** hpnicfDot11WIDSAttackListTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSAttackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the MAC address list of rogue APs or rogue stations, the WIDS will take countermeasure as per the MAC address list." ::= { hpnicfDot11WIDSConfigGroup 5 } hpnicfDot11WIDSAttackListEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSAttackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the MAC address of rogue AP or rogue station, and the countermeasure will be taken for it." INDEX { hpnicfDot11AttackDeviceMac } ::= { hpnicfDot11WIDSAttackListTable 1 } HpnicfDot11WIDSAttackListEntry ::= SEQUENCE { hpnicfDot11AttackDeviceMac MacAddress, hpnicfDot11AttackListRowStatus RowStatus, hpnicfDot11AttackDevDetected TruthValue, hpnicfDot11AttackDevType HpnicfDot11WIDSDevType } hpnicfDot11AttackDeviceMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of rogue AP or rogue station, and the countermeasure will be taken for it." ::= { hpnicfDot11WIDSAttackListEntry 1 } hpnicfDot11AttackListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { hpnicfDot11WIDSAttackListEntry 2 } hpnicfDot11AttackDevDetected OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the assigned MAC address in attack list is detected or not." ::= { hpnicfDot11WIDSAttackListEntry 3 } hpnicfDot11AttackDevType OBJECT-TYPE SYNTAX HpnicfDot11WIDSDevType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the type of detected MAC address in attack list. If the MAC address is not detected, it will return unknown(5) for get operation." ::= { hpnicfDot11WIDSAttackListEntry 4 } -- ***************************************************************************** -- * End of hpnicfDot11WIDSAttackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11StaticWhiteListTable Definition -- ***************************************************************************** hpnicfDot11StaticWhiteListTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11StaticWhiteListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the information of whitelist." ::= { hpnicfDot11WIDSConfigGroup 6 } hpnicfDot11StaticWhiteListEntry OBJECT-TYPE SYNTAX HpnicfDot11StaticWhiteListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the information of whitelist." INDEX { hpnicfDot11StaticWhiteListMAC } ::= { hpnicfDot11StaticWhiteListTable 1 } HpnicfDot11StaticWhiteListEntry ::= SEQUENCE { hpnicfDot11StaticWhiteListMAC MacAddress, hpnicfDot11StaticWhiteListRowStatus RowStatus } hpnicfDot11StaticWhiteListMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC addresses in whitelist." ::= { hpnicfDot11StaticWhiteListEntry 1 } hpnicfDot11StaticWhiteListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { hpnicfDot11StaticWhiteListEntry 2 } -- ***************************************************************************** -- * End of hpnicfDot11StaticWhiteListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11StaticBlackListTable Definition -- ***************************************************************************** hpnicfDot11StaticBlackListTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11StaticBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the information of static blacklist." ::= { hpnicfDot11WIDSConfigGroup 7 } hpnicfDot11StaticBlackListEntry OBJECT-TYPE SYNTAX HpnicfDot11StaticBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the information of static blacklist." INDEX { hpnicfDot11StaticBlackListMAC } ::= { hpnicfDot11StaticBlackListTable 1 } HpnicfDot11StaticBlackListEntry ::= SEQUENCE { hpnicfDot11StaticBlackListMAC MacAddress, hpnicfDot11StaticBlackListRowStatus RowStatus } hpnicfDot11StaticBlackListMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC addresses in static blacklist." ::= { hpnicfDot11StaticBlackListEntry 1 } hpnicfDot11StaticBlackListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { hpnicfDot11StaticBlackListEntry 2 } -- ***************************************************************************** -- * End of hpnicfDot11StaticBlackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSPermitBSSIDTable Definition -- ***************************************************************************** hpnicfDot11WIDSPermitBSSIDTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSPermitBSSIDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the list of BSSID could be permitted in the wireless network." ::= { hpnicfDot11WIDSConfigGroup 8 } hpnicfDot11WIDSPermitBSSIDEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSPermitBSSIDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry provides the information of permitted BSSID." INDEX { hpnicfDot11PermitBSSID } ::= { hpnicfDot11WIDSPermitBSSIDTable 1 } HpnicfDot11WIDSPermitBSSIDEntry ::= SEQUENCE { hpnicfDot11PermitBSSID MacAddress, hpnicfDot11PermitBSSIDDetected TruthValue, hpnicfDot11PermitBSSIDRowStatus RowStatus } hpnicfDot11PermitBSSID OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the permitted BSSID in the wireless network." ::= { hpnicfDot11WIDSPermitBSSIDEntry 1 } hpnicfDot11PermitBSSIDDetected OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the permitted BSSID is detected or not." ::= { hpnicfDot11WIDSPermitBSSIDEntry 2 } hpnicfDot11PermitBSSIDRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Represents the row status of permit BSSID table." ::= { hpnicfDot11WIDSPermitBSSIDEntry 3 } -- ***************************************************************************** -- * End of hpnicfDot11StaticBlackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSRogueAPTable Definition -- ***************************************************************************** hpnicfDot11WIDSRogueAPTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSRogueAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the list of possible BSS information for rogue APs detected by the WIDS." ::= { hpnicfDot11WIDSDetectGroup 1 } hpnicfDot11WIDSRogueAPEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSRogueAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains possible BSS information of each rogue AP detected by WIDS." INDEX { hpnicfDot11RogueAPBSSMAC } ::= { hpnicfDot11WIDSRogueAPTable 1 } HpnicfDot11WIDSRogueAPEntry ::= SEQUENCE { hpnicfDot11RogueAPBSSMAC MacAddress, hpnicfDot11RogueAPVendorName OCTET STRING, hpnicfDot11RogueAPMonitorNum Integer32, hpnicfDot11RogueAPFirstDetectTm TimeTicks, hpnicfDot11RogueAPLastDetectTm TimeTicks, hpnicfDot11RogueAPSSID HpnicfDot11SSIDStringType, hpnicfDot11RogueAPMaxSigStrength Integer32, hpnicfDot11RogueAPChannel HpnicfDot11ChannelScopeType, hpnicfDot11RogueAPBeaconInterval Integer32, hpnicfDot11RogueAPAttackedStatus TruthValue, hpnicfDot11RogueAPToIgnore TruthValue, hpnicfDot11RogueAPEncryptStatus TruthValue, hpnicfDot11RogueAPReset TruthValue, hpnicfDot11RogueAPFirstDetectTmStr OCTET STRING, hpnicfDot11RogueAPLastDetectTmStr OCTET STRING } hpnicfDot11RogueAPBSSMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the BSS MAC address of rogue AP." ::= { hpnicfDot11WIDSRogueAPEntry 1 } hpnicfDot11RogueAPVendorName OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..127)) MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the vendor name of rogue AP." ::= { hpnicfDot11WIDSRogueAPEntry 2 } hpnicfDot11RogueAPMonitorNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the number of monitor APs which detected the rogue AP." ::= { hpnicfDot11WIDSRogueAPEntry 3 } hpnicfDot11RogueAPFirstDetectTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that AP was detected as a rogue AP for the first time." ::= { hpnicfDot11WIDSRogueAPEntry 4 } hpnicfDot11RogueAPLastDetectTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that AP was detected as a rogue AP for the last time." ::= { hpnicfDot11WIDSRogueAPEntry 5 } hpnicfDot11RogueAPSSID OBJECT-TYPE SYNTAX HpnicfDot11SSIDStringType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the SSID broadcasted by rogue AP." ::= { hpnicfDot11WIDSRogueAPEntry 6 } hpnicfDot11RogueAPMaxSigStrength OBJECT-TYPE SYNTAX Integer32 UNITS "dBm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the maximal value of signal strength that WIDS received from the rogue AP." ::= { hpnicfDot11WIDSRogueAPEntry 7 } hpnicfDot11RogueAPChannel OBJECT-TYPE SYNTAX HpnicfDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio channel of the rogue AP the maximal signal strength was received." ::= { hpnicfDot11WIDSRogueAPEntry 8 } hpnicfDot11RogueAPBeaconInterval OBJECT-TYPE SYNTAX Integer32 UNITS "millisecond" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the interval for Beacon management frame of rogue AP." ::= { hpnicfDot11WIDSRogueAPEntry 9 } hpnicfDot11RogueAPAttackedStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the countermeasure have taken for the rogue AP." ::= { hpnicfDot11WIDSRogueAPEntry 10 } hpnicfDot11RogueAPToIgnore OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the rogue AP will be taken as a rogue AP. If the value is true, NMS should not display the rogue AP as NMS display rogue AP list, and the MAC address will be automatically added into hpnicfDot11WIDSIgnoreListTable. If the value is false, NMS will take it as a rogue AP. " DEFVAL { false } ::= { hpnicfDot11WIDSRogueAPEntry 11 } hpnicfDot11RogueAPEncryptStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the rogue AP encrypt the frame or not." ::= { hpnicfDot11WIDSRogueAPEntry 12 } hpnicfDot11RogueAPReset OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear information of assigned AP. The information of AP which detect assigned rogue AP will be cleared together. It will return false for get operation." ::= { hpnicfDot11WIDSRogueAPEntry 13 } hpnicfDot11RogueAPFirstDetectTmStr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that AP was detected as a rogue AP for the first time." ::= { hpnicfDot11WIDSRogueAPEntry 14 } hpnicfDot11RogueAPLastDetectTmStr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that AP was detected as a rogue AP for the last time." ::= { hpnicfDot11WIDSRogueAPEntry 15 } -- ***************************************************************************** -- * end of hpnicfDot11WIDSRogueAPTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSRogueAPExtTable Definition -- ***************************************************************************** hpnicfDot11WIDSRogueAPExtTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSRogueAPExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "As each rogue AP could be detected by multiple monitor APs, each monitor AP could have some kind of detailed information about a specific rogue AP. In the hpnicfDot11WIDSRogueAPTable table, the detailed information for a specific rogue AP will be summarized from information in the hpnicfDot11WIDSRogueAPExtTable table. For example, multiple monitor APs could receive RF signal of one rogue AP, and each monitor AP has its maximum signal strength by itself. The information will be kept as hpnicfDot11DetectMaxAPSigStrength in the hpnicfDot11WIDSRogueAPExtTable table. While only the maximum value among all the hpnicfDot11DetectMaxAPSigStrength for each monitor AP will be kept in the hpnicfDot11WIDSRogueAPTable as hpnicfDot11RogueAPMaxSigStrength." ::= { hpnicfDot11WIDSDetectGroup 2 } hpnicfDot11WIDSRogueAPExtEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSRogueAPExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of the rogue AP detected by each monitor AP." INDEX { hpnicfDot11RogueAPBSSMAC, hpnicfDot11WIDSAPID } ::= { hpnicfDot11WIDSRogueAPExtTable 1 } HpnicfDot11WIDSRogueAPExtEntry ::= SEQUENCE { hpnicfDot11WIDSAPID HpnicfDot11ObjectIDType, hpnicfDot11DetectCurAPSigStrength Integer32, hpnicfDot11DetectAPByChannel HpnicfDot11ChannelScopeType, hpnicfDot11DetectAPByRadioID HpnicfDot11RadioScopeType, hpnicfDot11AttackAPStatus TruthValue, hpnicfDot11DetectAPFirstTm TimeTicks, hpnicfDot11DetectAPLastTm TimeTicks } hpnicfDot11WIDSAPID OBJECT-TYPE SYNTAX HpnicfDot11ObjectIDType MAX-ACCESS not-accessible STATUS current DESCRIPTION "To uniquely identify each AP, and relation-ship between hpnicfDot11WIDSAPID and AP device will be static." ::= { hpnicfDot11WIDSRogueAPExtEntry 1 } hpnicfDot11DetectCurAPSigStrength OBJECT-TYPE SYNTAX Integer32 UNITS "dBm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the current value of signal strength that WIDS monitor AP received from the rogue AP." ::= { hpnicfDot11WIDSRogueAPExtEntry 2 } hpnicfDot11DetectAPByChannel OBJECT-TYPE SYNTAX HpnicfDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio channel that WIDS monitor AP detected the rogue AP." ::= { hpnicfDot11WIDSRogueAPExtEntry 3 } hpnicfDot11DetectAPByRadioID OBJECT-TYPE SYNTAX HpnicfDot11RadioScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio the monitor AP has detected the rogue AP." ::= { hpnicfDot11WIDSRogueAPExtEntry 4 } hpnicfDot11AttackAPStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether monitor AP have taken countermeasure on the rogue AP." ::= { hpnicfDot11WIDSRogueAPExtEntry 5 } hpnicfDot11DetectAPFirstTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that monitor AP detected the rogue AP for the first time." ::= { hpnicfDot11WIDSRogueAPExtEntry 6 } hpnicfDot11DetectAPLastTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that monitor AP detected the rogue AP for the last time." ::= { hpnicfDot11WIDSRogueAPExtEntry 7 } -- ***************************************************************************** -- * end of hpnicfDot11WIDSRogueAPExtTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSRogueStaTable Definition -- ***************************************************************************** hpnicfDot11WIDSRogueStaTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSRogueStaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the list of rogue stations detected by the WIDS." ::= { hpnicfDot11WIDSDetectGroup 3 } hpnicfDot11WIDSRogueStaEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSRogueStaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of each rogue station." INDEX { hpnicfDot11RogueStaMAC } ::= { hpnicfDot11WIDSRogueStaTable 1 } HpnicfDot11WIDSRogueStaEntry ::= SEQUENCE { hpnicfDot11RogueStaMAC MacAddress, hpnicfDot11RogueStaVendorName OCTET STRING, hpnicfDot11RogueStaMonitorNum Integer32, hpnicfDot11RogueStaFirstDetectTm TimeTicks, hpnicfDot11RogueStaLastDetectTm TimeTicks, hpnicfDot11RogueStaAccessBSSID MacAddress, hpnicfDot11RogueStaMaxSigStrength Integer32, hpnicfDot11RogueStaChannel HpnicfDot11ChannelScopeType, hpnicfDot11RogueStaAttackedStatus TruthValue, hpnicfDot11RogueStaToIgnore TruthValue, hpnicfDot11RogueStaAdHocStatus TruthValue, hpnicfDot11RogueStaReset TruthValue, hpnicfDot11RogueStaFirstDetectTmStr OCTET STRING, hpnicfDot11RogueStaLastDetectTmStr OCTET STRING } hpnicfDot11RogueStaMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of rogue station." ::= { hpnicfDot11WIDSRogueStaEntry 1 } hpnicfDot11RogueStaVendorName OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..127)) MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the vendor name of rogue station." ::= { hpnicfDot11WIDSRogueStaEntry 2 } hpnicfDot11RogueStaMonitorNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the number of monitor APs which detected the rogue station." ::= { hpnicfDot11WIDSRogueStaEntry 3 } hpnicfDot11RogueStaFirstDetectTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that station was detected as a rogue station for the first time." ::= { hpnicfDot11WIDSRogueStaEntry 4 } hpnicfDot11RogueStaLastDetectTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that station was detected as a rogue station for the last time." ::= { hpnicfDot11WIDSRogueStaEntry 5 } hpnicfDot11RogueStaAccessBSSID OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Represents BSS MAC address that rogue station try to access." ::= { hpnicfDot11WIDSRogueStaEntry 6 } hpnicfDot11RogueStaMaxSigStrength OBJECT-TYPE SYNTAX Integer32 UNITS "dBm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the maximal value of signal strength that WIDS received from the rogue station." ::= { hpnicfDot11WIDSRogueStaEntry 7 } hpnicfDot11RogueStaChannel OBJECT-TYPE SYNTAX HpnicfDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio channel the maximal signal strength was received." ::= { hpnicfDot11WIDSRogueStaEntry 8 } hpnicfDot11RogueStaAttackedStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the countermeasure have taken for the rogue station." ::= { hpnicfDot11WIDSRogueStaEntry 9 } hpnicfDot11RogueStaToIgnore OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the rogue AP will be taken as a rogue station. If the value is true, NMS should not display the rogue station as NMS display rogue station list, and the MAC address will be automatically added into hpnicfDot11WIDSIgnoreListTable. If the value is false, NMS will take it as a rogue station. " DEFVAL { false } ::= { hpnicfDot11WIDSRogueStaEntry 10 } hpnicfDot11RogueStaAdHocStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the rogue station work on the Ad Hoc mode or not." ::= { hpnicfDot11WIDSRogueStaEntry 11 } hpnicfDot11RogueStaReset OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear information of assigned station. The information of AP which detects assigned rogue station will be cleared together. It will return false for get operation." ::= { hpnicfDot11WIDSRogueStaEntry 12 } hpnicfDot11RogueStaFirstDetectTmStr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that station was detected as a rogue station for the first time." ::= { hpnicfDot11WIDSRogueStaEntry 13 } hpnicfDot11RogueStaLastDetectTmStr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that station was detected as a rogue station for the last time." ::= { hpnicfDot11WIDSRogueStaEntry 14 } -- ***************************************************************************** -- * End of hpnicfDot11WIDSRogueStaTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSRogueStaExtTable Definition -- ***************************************************************************** hpnicfDot11WIDSRogueStaExtTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSRogueStaExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "As each rogue station could be detected by multiple monitor APs, each monitor AP could have some kind of detailed information about a specific rogue station. In the hpnicfDot11WIDSRogueStaTable table, the detailed information for a specific rogue station will be summarized from information in the hpnicfDot11WIDSRogueStaExtTable table. For example, multiple monitor APs could receive RF signal of one rogue station, and each monitor AP has its maximum signal strength by itself. The information will be kept as hpnicfDot11DetectMaxStaSigStrength in the hpnicfDot11WIDSRogueStaExtTable table. While only the maximum value among all the hpnicfDot11DetectMaxStaSigStrength for each monitor AP will be kept in the hpnicfDot11WIDSRogueStaTable as hpnicfDot11RogueStaMaxSigStrength." ::= { hpnicfDot11WIDSDetectGroup 4 } hpnicfDot11WIDSRogueStaExtEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSRogueStaExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of rogue station detected by each monitor AP." INDEX { hpnicfDot11RogueStaMAC, hpnicfDot11WIDSAPID } ::= { hpnicfDot11WIDSRogueStaExtTable 1 } HpnicfDot11WIDSRogueStaExtEntry ::= SEQUENCE { hpnicfDot11DetectCurStaSigStrength Integer32, hpnicfDot11DetectStaByChannel HpnicfDot11ChannelScopeType, hpnicfDot11DetectStaByRadioID HpnicfDot11RadioScopeType, hpnicfDot11AttackStaStatus TruthValue, hpnicfDot11DetectStaFirstTm TimeTicks, hpnicfDot11DetectStaLastTm TimeTicks } hpnicfDot11DetectCurStaSigStrength OBJECT-TYPE SYNTAX Integer32 UNITS "dBm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the current value of signal strength that WIDS monitor AP received from the rogue station." ::= { hpnicfDot11WIDSRogueStaExtEntry 1 } hpnicfDot11DetectStaByChannel OBJECT-TYPE SYNTAX HpnicfDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio channel the maximal signal strength was received." ::= { hpnicfDot11WIDSRogueStaExtEntry 2 } hpnicfDot11DetectStaByRadioID OBJECT-TYPE SYNTAX HpnicfDot11RadioScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents which radio on the monitor AP has detected the rogue station." ::= { hpnicfDot11WIDSRogueStaExtEntry 3 } hpnicfDot11AttackStaStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether monitor AP have taken countermeasure for the rogue station." ::= { hpnicfDot11WIDSRogueStaExtEntry 4 } hpnicfDot11DetectStaFirstTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that monitor AP detected the rogue station for the first time." ::= { hpnicfDot11WIDSRogueStaExtEntry 5 } hpnicfDot11DetectStaLastTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that monitor AP detected the rogue station for the last time." ::= { hpnicfDot11WIDSRogueStaExtEntry 6 } -- ***************************************************************************** -- * end of hpnicfDot11WIDSRogueStaExtTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSDetectedDevTable Definition -- ***************************************************************************** hpnicfDot11WIDSDetectedDevTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSDetectedDevEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Table contains information of detected devices." ::= { hpnicfDot11WIDSDetectGroup 5 } hpnicfDot11WIDSDetectedDevEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSDetectedDevEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of detected devices." INDEX { hpnicfDot11WIDSDevMAC } ::= { hpnicfDot11WIDSDetectedDevTable 1 } HpnicfDot11WIDSDetectedDevEntry ::= SEQUENCE { hpnicfDot11WIDSDevMAC MacAddress, hpnicfDot11WIDSDevType HpnicfDot11WIDSDevType, hpnicfDot11WIDSDevPermitType HpnicfDot11WIDSDevPermitType, hpnicfDot11WIDSDevVendor OCTET STRING, hpnicfDot11WIDSDevMonitorNum Integer32, hpnicfDot11WIDSDevSSID OCTET STRING, hpnicfDot11WIDSDevBSSID MacAddress, hpnicfDot11WIDSDevChannel HpnicfDot11ChannelScopeType, hpnicfDot11WIDSDevMaxRSSI Integer32, hpnicfDot11WIDSDevBeaconIntvl Integer32, hpnicfDot11WIDSDevFstDctTime DateAndTime, hpnicfDot11WIDSDevLstDctTime DateAndTime, hpnicfDot11WIDSDevReset TruthValue, hpnicfDot11WIDSDevSnr Integer32 } hpnicfDot11WIDSDevMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents MAC address of the device detected." ::= { hpnicfDot11WIDSDetectedDevEntry 1 } hpnicfDot11WIDSDevType OBJECT-TYPE SYNTAX HpnicfDot11WIDSDevType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents type of the device detected." ::= { hpnicfDot11WIDSDetectedDevEntry 2 } hpnicfDot11WIDSDevPermitType OBJECT-TYPE SYNTAX HpnicfDot11WIDSDevPermitType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the device detected is a rogue device or not." ::= { hpnicfDot11WIDSDetectedDevEntry 3 } hpnicfDot11WIDSDevVendor OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents Vendor of the detected device." ::= { hpnicfDot11WIDSDetectedDevEntry 4 } hpnicfDot11WIDSDevMonitorNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the number of active APs that detect the device." ::= { hpnicfDot11WIDSDetectedDevEntry 5 } hpnicfDot11WIDSDevSSID OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the service set identifier for the ESS of the device." ::= { hpnicfDot11WIDSDetectedDevEntry 6 } hpnicfDot11WIDSDevBSSID OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the basic service set identifier of the detected device." ::= { hpnicfDot11WIDSDetectedDevEntry 7 } hpnicfDot11WIDSDevChannel OBJECT-TYPE SYNTAX HpnicfDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the channel in which the device was last detected." ::= { hpnicfDot11WIDSDetectedDevEntry 8 } hpnicfDot11WIDSDevMaxRSSI OBJECT-TYPE SYNTAX Integer32 UNITS "dbm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the maximum detected RSSI of the device." ::= { hpnicfDot11WIDSDetectedDevEntry 9 } hpnicfDot11WIDSDevBeaconIntvl OBJECT-TYPE SYNTAX Integer32 UNITS "millionsecond" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the beacon interval for the detected AP." ::= { hpnicfDot11WIDSDetectedDevEntry 10 } hpnicfDot11WIDSDevFstDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the device was first detected." ::= { hpnicfDot11WIDSDetectedDevEntry 11 } hpnicfDot11WIDSDevLstDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the rogue AP was detected last time." ::= { hpnicfDot11WIDSDetectedDevEntry 12 } hpnicfDot11WIDSDevReset OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clears the information of the device detected in the WLAN. It will return false for get operation." ::= { hpnicfDot11WIDSDetectedDevEntry 13 } hpnicfDot11WIDSDevSnr OBJECT-TYPE SYNTAX Integer32 UNITS "dB" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents SNR of the device detected." ::= { hpnicfDot11WIDSDetectedDevEntry 14 } -- ***************************************************************************** -- * end of hpnicfDot11WIDSDetectedDevTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSRptAPTable Definition -- ***************************************************************************** hpnicfDot11WIDSRptAPTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSRptAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Table contains information of the AP which detected device in the WLAN." ::= { hpnicfDot11WIDSDetectGroup 6 } hpnicfDot11WIDSRptAPEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSRptAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of the AP which detected device in the WLAN." INDEX { hpnicfDot11WIDSDevMAC, hpnicfDot11WIDSRptAPMAC } ::= { hpnicfDot11WIDSRptAPTable 1 } HpnicfDot11WIDSRptAPEntry ::= SEQUENCE { hpnicfDot11WIDSRptAPMAC MacAddress, hpnicfDot11WIDSRptAPName OCTET STRING, hpnicfDot11WIDSRptAPRadioID HpnicfDot11RadioScopeType, hpnicfDot11WIDSRptAPMaxRSSI Integer32, hpnicfDot11WIDSRptAPFstDctTime DateAndTime, hpnicfDot11WIDSRptAPLstDctTime DateAndTime } hpnicfDot11WIDSRptAPMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of the AP that detected the device." ::= { hpnicfDot11WIDSRptAPEntry 1 } hpnicfDot11WIDSRptAPName OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the name of the AP that detected the device." ::= { hpnicfDot11WIDSRptAPEntry 2 } hpnicfDot11WIDSRptAPRadioID OBJECT-TYPE SYNTAX HpnicfDot11RadioScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the radio index of the AP that detected the device." ::= { hpnicfDot11WIDSRptAPEntry 3 } hpnicfDot11WIDSRptAPMaxRSSI OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the maximum detected RSSI of the device." ::= { hpnicfDot11WIDSRptAPEntry 4 } hpnicfDot11WIDSRptAPFstDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the rogue AP was detected first time." ::= { hpnicfDot11WIDSRptAPEntry 5 } hpnicfDot11WIDSRptAPLstDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the rogue AP was detected last time." ::= { hpnicfDot11WIDSRptAPEntry 6 } -- ***************************************************************************** -- * end of hpnicfDot11WIDSRptAPTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11DynBlackListTable Definition -- ***************************************************************************** hpnicfDot11DynBlackListTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11DynBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of dynamic blacklist entries." ::= { hpnicfDot11WIDSDetectGroup 7 } hpnicfDot11DynBlackListEntry OBJECT-TYPE SYNTAX HpnicfDot11DynBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of dynamic blacklist." INDEX { hpnicfDot11DynBlackListMAC } ::= { hpnicfDot11DynBlackListTable 1 } HpnicfDot11DynBlackListEntry ::= SEQUENCE { hpnicfDot11DynBlackListMAC MacAddress, hpnicfDot11DynBlackListTime Unsigned32, hpnicfDot11DynBlackListReason OCTET STRING, hpnicfDot11DynBlackListReset TruthValue, hpnicfDot11DynBlackListTimeTicks TimeTicks } hpnicfDot11DynBlackListMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of the device inserted into the dynamic blacklist." ::= { hpnicfDot11DynBlackListEntry 1 } hpnicfDot11DynBlackListTime OBJECT-TYPE SYNTAX Unsigned32 UNITS "second" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time elapsed since the entry was last updated." ::= { hpnicfDot11DynBlackListEntry 2 } hpnicfDot11DynBlackListReason OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the reason why the entry was added into the dynamic blacklist." ::= { hpnicfDot11DynBlackListEntry 3 } hpnicfDot11DynBlackListReset OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove designated entry from the dynamic blacklist. The value which read from this object always is false." ::= { hpnicfDot11DynBlackListEntry 4 } hpnicfDot11DynBlackListTimeTicks OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time elapsed since the entry was last updated in units TimeTicks." ::= { hpnicfDot11DynBlackListEntry 5 } -- ***************************************************************************** -- * end of hpnicfDot11DynBlackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSRogueHistoryTable Definition -- ***************************************************************************** hpnicfDot11WIDSRogueHistoryTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSRogueHistoryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of all expired rogue devices which have been deleted from the list of detected rogue devices because they could not be detected within the device aging duration." ::= { hpnicfDot11WIDSDetectGroup 8 } hpnicfDot11WIDSRogueHistoryEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSRogueHistoryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of an expired rogue device which has been deleted from the list of detected rogue devices because they could not be detected within the device aging duration." INDEX { hpnicfDot11WIDSRogueHisIndex } ::= { hpnicfDot11WIDSRogueHistoryTable 1 } HpnicfDot11WIDSRogueHistoryEntry ::= SEQUENCE { hpnicfDot11WIDSRogueHisIndex Integer32, hpnicfDot11WIDSRogueHisMAC MacAddress, hpnicfDot11WIDSRogueHisVendor OCTET STRING, hpnicfDot11WIDSRogueHisType HpnicfDot11WIDSDevType, hpnicfDot11WIDSRogueHisChl HpnicfDot11ChannelScopeType, hpnicfDot11WIDSRogueHisSSID OCTET STRING, hpnicfDot11WIDSRogueHisLastDctTime DateAndTime } hpnicfDot11WIDSRogueHisIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents index of this entry." ::= { hpnicfDot11WIDSRogueHistoryEntry 1 } hpnicfDot11WIDSRogueHisMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the MAC address of the device." ::= { hpnicfDot11WIDSRogueHistoryEntry 2 } hpnicfDot11WIDSRogueHisVendor OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the vendor for the device." ::= { hpnicfDot11WIDSRogueHistoryEntry 3 } hpnicfDot11WIDSRogueHisType OBJECT-TYPE SYNTAX HpnicfDot11WIDSDevType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the type of the device." ::= { hpnicfDot11WIDSRogueHistoryEntry 4 } hpnicfDot11WIDSRogueHisChl OBJECT-TYPE SYNTAX HpnicfDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the channel in which the device was last detected." ::= { hpnicfDot11WIDSRogueHistoryEntry 5 } hpnicfDot11WIDSRogueHisSSID OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the service set identifier for the ESS of the device." ::= { hpnicfDot11WIDSRogueHistoryEntry 6 } hpnicfDot11WIDSRogueHisLastDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the device was last detected." ::= { hpnicfDot11WIDSRogueHistoryEntry 7 } -- ***************************************************************************** -- * end of hpnicfDot11WIDSRogueHistoryTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSAtkHistroyTable Definition -- ***************************************************************************** hpnicfDot11WIDSAtkHistroyTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSAtkHistroyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of the history of attacks detected in the WLAN system." ::= { hpnicfDot11WIDSDetectGroup 9 } hpnicfDot11WIDSAtkHistroyEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSAtkHistroyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of the history of attacks detected in the WLAN system." INDEX { hpnicfDot11WIDSAtkHisIndex } ::= { hpnicfDot11WIDSAtkHistroyTable 1 } HpnicfDot11WIDSAtkHistroyEntry ::= SEQUENCE { hpnicfDot11WIDSAtkHisIndex Integer32, hpnicfDot11WIDSAtkHisMAC MacAddress, hpnicfDot11WIDSAtkHisType HpnicfDot11WIDSAtkType, hpnicfDot11WIDSAtkHisChl HpnicfDot11ChannelScopeType, hpnicfDot11WIDSAtkHisRSSI Integer32, hpnicfDot11WIDSAtkHisDctTime DateAndTime, hpnicfDot11WIDSAtkHisAPName OCTET STRING } hpnicfDot11WIDSAtkHisIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents index of this entry." ::= { hpnicfDot11WIDSAtkHistroyEntry 1 } hpnicfDot11WIDSAtkHisMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the Mac address. In case of spoof attacks, this field provides the BSSID which was spoofed. In case of other attacks, this field provides the MAC address of the device which initiated the attack." ::= { hpnicfDot11WIDSAtkHistroyEntry 2 } hpnicfDot11WIDSAtkHisType OBJECT-TYPE SYNTAX HpnicfDot11WIDSAtkType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the type of attack." ::= { hpnicfDot11WIDSAtkHistroyEntry 3 } hpnicfDot11WIDSAtkHisChl OBJECT-TYPE SYNTAX HpnicfDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the channel in which the attack was detected." ::= { hpnicfDot11WIDSAtkHistroyEntry 4 } hpnicfDot11WIDSAtkHisRSSI OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the average RSSI of the designated attack." ::= { hpnicfDot11WIDSAtkHistroyEntry 5 } hpnicfDot11WIDSAtkHisDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which this attack was detected." ::= { hpnicfDot11WIDSAtkHistroyEntry 6 } hpnicfDot11WIDSAtkHisAPName OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the name of the AP which detected this attack." ::= { hpnicfDot11WIDSAtkHistroyEntry 7 } -- ***************************************************************************** -- * end of hpnicfDot11WIDSAtkHistroyTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11WIDSAtkStatis Definition -- ***************************************************************************** hpnicfDot11WIDSAtkStatis OBJECT IDENTIFIER ::= { hpnicfDot11WIDSDetectGroup 10 } hpnicfDot11WIDSAtkStasStartTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents current attack tracking time. It is started at the system startup and is refreshed each hour subsequently." ::= { hpnicfDot11WIDSAtkStatis 1 } -- ***************************************************************************** -- * hpnicfDot11WIDSAtkStasTable Definition -- ***************************************************************************** hpnicfDot11WIDSAtkStasTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11WIDSAtkStasEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of the counts of attacks detected." ::= { hpnicfDot11WIDSAtkStatis 2 } hpnicfDot11WIDSAtkStasEntry OBJECT-TYPE SYNTAX HpnicfDot11WIDSAtkStasEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of the counts of attacks detected." INDEX { hpnicfDot11WIDSAtkStasType } ::= { hpnicfDot11WIDSAtkStasTable 1 } HpnicfDot11WIDSAtkStasEntry ::= SEQUENCE { hpnicfDot11WIDSAtkStasType HpnicfDot11WIDSAtkType, hpnicfDot11WIDSAtkStasCurCnt Unsigned32, hpnicfDot11WIDSAtkStasTotalCnt Unsigned32 } hpnicfDot11WIDSAtkStasType OBJECT-TYPE SYNTAX HpnicfDot11WIDSAtkType MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the type of attack." ::= { hpnicfDot11WIDSAtkStasEntry 1 } hpnicfDot11WIDSAtkStasCurCnt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the count of attacks detected since the time specified by the current attack tracking time. The current attack tracking time is started at the system startup and is refreshed each hour subsequently." ::= { hpnicfDot11WIDSAtkStasEntry 2 } hpnicfDot11WIDSAtkStasTotalCnt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the total count of the attacks detected since the system startup." ::= { hpnicfDot11WIDSAtkStasEntry 3 } -- ***************************************************************************** -- * end of hpnicfDot11WIDSAtkStasTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * hpnicfDot11BlackListTable Definition -- ***************************************************************************** hpnicfDot11BlackListTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDot11BlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of blacklist entries, including dynamic and static." ::= { hpnicfDot11WIDSDetectGroup 11 } hpnicfDot11BlackListEntry OBJECT-TYPE SYNTAX HpnicfDot11BlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of blacklist." INDEX { hpnicfDot11BlackListMAC } ::= { hpnicfDot11BlackListTable 1 } HpnicfDot11BlackListEntry ::= SEQUENCE { hpnicfDot11BlackListMAC MacAddress, hpnicfDot11BlackListTime Unsigned32, hpnicfDot11BlackListReason OCTET STRING, hpnicfDot11BlackListRowStatus RowStatus, hpnicfDot11BlackListTimeTicks TimeTicks } hpnicfDot11BlackListMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object represents the MAC address of the device inserted into the table." ::= { hpnicfDot11BlackListEntry 1 } hpnicfDot11BlackListTime OBJECT-TYPE SYNTAX Unsigned32 UNITS "minutes" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time elapsed since the entry was last updated. If it is static blacklist, the value is always 0." ::= { hpnicfDot11BlackListEntry 2 } hpnicfDot11BlackListReason OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the reason why the entry was added into the blacklist." ::= { hpnicfDot11BlackListEntry 3 } hpnicfDot11BlackListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object represents the status of this table entry." ::= { hpnicfDot11BlackListEntry 4 } hpnicfDot11BlackListTimeTicks OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time elapsed since the entry was last updated in timetick. If it is static blacklist, the value is always 0." ::= { hpnicfDot11BlackListEntry 5 } -- ***************************************************************************** -- * end of hpnicfDot11BlackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * end of hpnicfDot11WIDSAtkStatis Definition -- ***************************************************************************** -- ***************************************************************************** -- * Notifications OF hpnicfDot11WIDSNotifyGroup -- ***************************************************************************** -- WIDS Notification hpnicfDot11WIDSTraps OBJECT IDENTIFIER ::= { hpnicfDot11WIDSNotifyGroup 1 } hpnicfDot11WIDSDetectRogueTrap NOTIFICATION-TYPE OBJECTS { hpnicfDot11WIDSRogueMAC, hpnicfDot11WIDSRogueType, hpnicfDot11WIDSMonitorMAC, hpnicfDot11MonitorAPID, hpnicfDot11MonitorApRadioID } STATUS current DESCRIPTION "The notification represents that a rogue AP or a station was detected by WIDS. The NMS would refer to MIB table under hpnicfDot11WIDSDetectGroup group to get more detailed information." ::= { hpnicfDot11WIDSTraps 1 } hpnicfDot11WIDSAdHocTrap NOTIFICATION-TYPE OBJECTS { hpnicfDot11WIDSAdHocMAC, hpnicfDot11WIDSMonitorMAC } STATUS current DESCRIPTION "The notification represents a rogue Ad hoc station was detected." ::= { hpnicfDot11WIDSTraps 2 } hpnicfDot11WIDSUnauthorSSIDTrap NOTIFICATION-TYPE OBJECTS { hpnicfDot11UnauthorSSIDName, hpnicfDot11WIDSMonitorMAC, hpnicfDot11MonitorAPID, hpnicfDot11MonitorApRadioID } STATUS current DESCRIPTION "The notification represents which unauthorized SSID are accessed in the network. The notification will be sent to NMS when an unauthorized SSID is detected on the network for the first time." ::= { hpnicfDot11WIDSTraps 3 } hpnicfDot11WIDSDisappearRogueTrap NOTIFICATION-TYPE OBJECTS { hpnicfDot11WIDSRogueMAC } STATUS current DESCRIPTION "The notification represents that a rogue device has aged out and moved to history table or the device type has been changed to friendly. The notification will be sent to NMS whenever a rogue disappears." ::= { hpnicfDot11WIDSTraps 4 } hpnicfDot11WIDSDetectAttack NOTIFICATION-TYPE OBJECTS { hpnicfDot11WIDSAtkHisType, hpnicfDot11WIDSAtkHisChl, hpnicfDot11WIDSAtkHisDctTime, hpnicfDot11WIDSAtkHisAPName } STATUS current DESCRIPTION "This notification occurs when some type of attack is detected. " ::= { hpnicfDot11WIDSTraps 5 } hpnicfDot11WIDSDetectWBridge NOTIFICATION-TYPE OBJECTS { hpnicfDot11WIDSRptAPName, hpnicfDot11WIDSRptAPRadioID, hpnicfDot11WIDSRptAPLstDctTime } STATUS current DESCRIPTION "This notification occurs whenever a detected device is classified as rogue wireless-bridge. " ::= { hpnicfDot11WIDSTraps 6 } hpnicfDot11WIDSFloodTrap NOTIFICATION-TYPE OBJECTS { hpnicfDot11WIDSAtkMac, hpnicfDot11WIDSAtkFrameType, hpnicfDot11WIDSFirstTrapTime } STATUS current DESCRIPTION "This notification occurs when flood attack is detected. " ::= { hpnicfDot11WIDSTraps 7 } hpnicfDot11WIDSSpoofTrap NOTIFICATION-TYPE OBJECTS { hpnicfDot11WIDSAtkMac, hpnicfDot11WIDSAtkFrameType, hpnicfDot11WIDSAtkChannel, hpnicfDot11WIDSAtkTime, hpnicfDot11WIDSAtkDestMac, hpnicfDot11WIDSFirstTrapTime } STATUS current DESCRIPTION "This notification occurs when spoof attack is detected. " ::= { hpnicfDot11WIDSTraps 8 } hpnicfDot11WIDSWeakIVTrap NOTIFICATION-TYPE OBJECTS { hpnicfDot11WIDSAtkMac, hpnicfDot11WIDSAtkChannel, hpnicfDot11WIDSAtkTime, hpnicfDot11WIDSAtkDestMac, hpnicfDot11WIDSFirstTrapTime } STATUS current DESCRIPTION "This notification occurs when weak IV attack is detected. " ::= { hpnicfDot11WIDSTraps 9 } -- WIDS Notification variable object hpnicfDot11WIDSTrapVarObjects OBJECT IDENTIFIER ::= { hpnicfDot11WIDSNotifyGroup 2 } hpnicfDot11WIDSRogueMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents which rogue AP or station." ::= { hpnicfDot11WIDSTrapVarObjects 1 } hpnicfDot11WIDSRogueType OBJECT-TYPE SYNTAX INTEGER { rogueAp(1), rogueStation(2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents the rogue type. The following value are supported rogueAp(1) - A rogue AP rogueStation(2) - A rogue Station" ::= { hpnicfDot11WIDSTrapVarObjects 2 } hpnicfDot11WIDSMonitorMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents which monitor detected the rogue AP or station." ::= { hpnicfDot11WIDSTrapVarObjects 3 } hpnicfDot11WIDSAdHocMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents the MAC address of Ad hoc station." ::= { hpnicfDot11WIDSTrapVarObjects 4 } hpnicfDot11UnauthorSSIDName OBJECT-TYPE SYNTAX HpnicfDot11SSIDStringType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents an unauthorized SSID." ::= { hpnicfDot11WIDSTrapVarObjects 5 } hpnicfDot11MonitorAPID OBJECT-TYPE SYNTAX HpnicfDot11ObjectIDType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents monitor AP's APID." ::= { hpnicfDot11WIDSTrapVarObjects 6 } hpnicfDot11MonitorApRadioID OBJECT-TYPE SYNTAX HpnicfDot11RadioScopeType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents monitor AP's radio ID" ::= { hpnicfDot11WIDSTrapVarObjects 7 } hpnicfDot11WIDSAtkMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents mac address of attack source." ::= { hpnicfDot11WIDSTrapVarObjects 8 } hpnicfDot11WIDSAtkFrameType OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents attack frame type." ::= { hpnicfDot11WIDSTrapVarObjects 9 } hpnicfDot11WIDSAtkChannel OBJECT-TYPE SYNTAX HpnicfDot11ChannelScopeType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents attack channel." ::= { hpnicfDot11WIDSTrapVarObjects 10 } hpnicfDot11WIDSAtkTime OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents when attacking happened." ::= { hpnicfDot11WIDSTrapVarObjects 11 } hpnicfDot11WIDSAtkDestMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents mac address of attack destination." ::= { hpnicfDot11WIDSTrapVarObjects 12 } hpnicfDot11WIDSFirstTrapTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents the first trap time." ::= { hpnicfDot11WIDSTrapVarObjects 13 } -- ***************************************************************************** -- * End OF hpnicfDot11WIDSNotifyGroup -- ***************************************************************************** END