126 lines
4.0 KiB
Plaintext
126 lines
4.0 KiB
Plaintext
BLUECOAT-SG-ATTACK-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32
|
|
FROM SNMPv2-SMI
|
|
TEXTUAL-CONVENTION, TimeStamp, DisplayString
|
|
FROM SNMPv2-TC
|
|
blueCoatMgmt
|
|
FROM BLUECOAT-MIB;
|
|
|
|
deviceAttackMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200711050300Z"
|
|
ORGANIZATION "Blue Coat Systems, Inc."
|
|
CONTACT-INFO "support.services@bluecoat.com
|
|
http://www.bluecoat.com"
|
|
DESCRIPTION "The Blue Coat Attack MIB is used to monitor
|
|
possible protocol attacks by hackers."
|
|
REVISION "200711050300Z"
|
|
DESCRIPTION "Minor corrections and reformatting."
|
|
REVISION "200211060300Z"
|
|
DESCRIPTION "Initial revision of this MIB."
|
|
::= { blueCoatMgmt 3 }
|
|
|
|
deviceAttackMIBObjects
|
|
OBJECT IDENTIFIER ::= { deviceAttackMIB 1 }
|
|
|
|
deviceAttackMIBNotifications
|
|
OBJECT IDENTIFIER ::= { deviceAttackMIB 2 }
|
|
|
|
deviceAttackMIBNotificationsPrefix
|
|
OBJECT IDENTIFIER ::= { deviceAttackMIBNotifications 0 }
|
|
|
|
-- textual conventions
|
|
|
|
AttackStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION "Indicates the status of the attack.
|
|
noAttack(1) - no attack.
|
|
underAttack(2) - attack in progress."
|
|
|
|
SYNTAX INTEGER {
|
|
noAttack(1),
|
|
underAttack(2)
|
|
}
|
|
|
|
--
|
|
-- MIB variables
|
|
--
|
|
|
|
deviceAttackValues
|
|
OBJECT IDENTIFIER ::= { deviceAttackMIBObjects 1 }
|
|
|
|
|
|
--
|
|
-- deviceAttackTable
|
|
--
|
|
|
|
deviceAttackTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DeviceAttackEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table lists the various attacks that are
|
|
detected."
|
|
::= { deviceAttackValues 1 }
|
|
|
|
deviceAttackEntry OBJECT-TYPE
|
|
SYNTAX DeviceAttackEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A deviceAttack entry describes the
|
|
present state of an attack."
|
|
INDEX { deviceAttackIndex }
|
|
::= { deviceAttackTable 1 }
|
|
|
|
DeviceAttackEntry ::= SEQUENCE {
|
|
deviceAttackIndex INTEGER,
|
|
deviceAttackName DisplayString,
|
|
deviceAttackStatus AttackStatus,
|
|
deviceAttackTime TimeStamp
|
|
}
|
|
|
|
deviceAttackIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An arbitrary value which uniquely identifies an attack."
|
|
::= { deviceAttackEntry 1 }
|
|
|
|
deviceAttackName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The textual name of the attack i.e. SYN Flood."
|
|
::= { deviceAttackEntry 2 }
|
|
|
|
deviceAttackStatus OBJECT-TYPE
|
|
SYNTAX AttackStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "noAttack(1) not under attack, underAttack(2) attack in progress.
|
|
The default start-up value is noAttack(1)."
|
|
::= { deviceAttackEntry 3 }
|
|
|
|
deviceAttackTime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
UNITS "Hundredths of seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The value of 'sysUpTime.0' at the time of the attack."
|
|
::= { deviceAttackEntry 4 }
|
|
|
|
--
|
|
-- notifications
|
|
--
|
|
|
|
deviceAttackTrap NOTIFICATION-TYPE
|
|
OBJECTS { deviceAttackName, deviceAttackStatus }
|
|
STATUS current
|
|
DESCRIPTION "At the start of an attack a notification is
|
|
generated with 'deviceAttackStatus = underAttack(2)'.
|
|
At the end of an attack a notification is generated with
|
|
'deviceAttackStatus = noAttack(1)'."
|
|
::= { deviceAttackMIBNotificationsPrefix 1 }
|
|
|
|
END
|