WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/hp/HPN-ICF-AFC-MIB

172 lines
5.0 KiB
Plaintext
Raw Permalink Blame History

-- =================================================================
-- Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
--
-- Description: This MIB is to provide the definition of
-- Abnormal Flow Clean system.
-- Reference:
-- Version: V1.0
-- History:
-- V1.0 2008-07-23, Created by luohaijun
-- =================================================================
HPN-ICF-AFC-MIB DEFINITIONS ::= BEGIN
IMPORTS
hpnicfCommon FROM HPN-ICF-OID-MIB
OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY, Integer32, IpAddress
FROM SNMPv2-SMI
;
hpnicfAFC MODULE-IDENTITY
LAST-UPDATED "200807230000Z"
ORGANIZATION
""
CONTACT-INFO
""
DESCRIPTION
"This MIB is to provide the definition of Abnormal Flow Clean system."
REVISION "200807230000Z"
DESCRIPTION
"The Initial Version of this MIB module."
::= { hpnicfCommon 85 }
hpnicfAFCLeaf OBJECT IDENTIFIER ::= {hpnicfAFC 1}
--
-- DDOS ATTACK 'Target IP' OBJECT
--
hpnicfDDosAttackTargetIP OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the victim of a DDos attack. The IP Address is in the list
of protected IP address."
::= {hpnicfAFCLeaf 1}
--
-- DDOS ATTACK 'Attack type' OBJECT
--
hpnicfDDosAttackType OBJECT-TYPE
SYNTAX INTEGER{
land(1),
smurf(2),
fraggle(3),
winnuke(4),
synflood(5),
icmpflood(6),
udpflood(7),
icmpredirect(8),
icmpunreachable(9),
tracert(11),
tcpflag(12),
pingofdeath(13),
teardrop(14),
ipfragment(15),
largeicmp(18),
sourceroute(19),
routerecord(20),
fragflood(24),
scan(27),
appstreamalarm(29),
sessionstreamalarm(30),
tcpabnormal(32),
ipfragabnormal(33),
tftpabnormal(34),
dnsabnormal(35),
httpabnormal(36),
telnetabnormal(37),
ftpabnormal(38),
smtpabnormal(39),
pop3abnormal(40),
snmpabnormal(41),
ackabnormal(42),
cc(43),
otherabnormal(1024)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the attack type which the victim is sufferd."
::= {hpnicfAFCLeaf 2}
--
-- DDOS ATTACK 'Attack policy' OBJECT
--
hpnicfDDosAttackPolicy OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..80))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the policy name which detects the DDos Attack."
::= {hpnicfAFCLeaf 3}
--
-- DDOS ATTACK 'Attack threshold' OBJECT
--
hpnicfDDosAttackThreshold OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the policy threshold in the DDos Attack."
::= {hpnicfAFCLeaf 4}
--
-- DDOS ATTACK 'Attack speed' OBJECT
--
hpnicfDDosAttackSpeed OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the rate of policy in the DDos Attack."
::= {hpnicfAFCLeaf 5}
-- **********************************************************************
-- Define enterprise repeater traps. Rules for traps are that any
-- varbind must be from a table in which the first qualifier on the
-- object id is the service identifier of the 'thing' causing the trap.
-- **********************************************************************
hpnicfAFCNotify OBJECT IDENTIFIER ::= {hpnicfAFC 2}
hpnicfAFCNotifyPrefix OBJECT IDENTIFIER ::= { hpnicfAFCNotify 0 }
hpnicfDDosAttackStart NOTIFICATION-TYPE
OBJECTS {
hpnicfDDosAttackTargetIP,
hpnicfDDosAttackType,
hpnicfDDosAttackPolicy,
hpnicfDDosAttackThreshold,
hpnicfDDosAttackSpeed
}
STATUS current
DESCRIPTION
"This trap is sent when a DDos attack on specific IP is detected.
The IP address of the victim is the first object.
The exact type of the attack is the second object.
The policy name which detects the attack is the third object.
The threshold of the attack is the 4th object.
The speed of the attack is the 5th object."
::= {hpnicfAFCNotifyPrefix 1}
hpnicfDDosAttackEnd NOTIFICATION-TYPE
OBJECTS {
hpnicfDDosAttackTargetIP
}
STATUS current
DESCRIPTION
"This trap is sent when a DDos Attack end. The IP address of the
victim is the very object."
::= {hpnicfAFCNotifyPrefix 2}
END
View Git Blame Copy Permalink