mibs/MIBS/comware/HH3C-AFC-MIB

-- =================================================================
-- Copyright (C) 2008 New H3C Tech. Co., Ltd. All rights reserved.
--
-- Description: This MIB is to provide the definition of
--              Abnormal Flow Clean system.
-- Reference:
-- Version: V1.0
-- History:
--   V1.0 2008-07-23, Created by luohaijun
-- =================================================================
HH3C-AFC-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        hh3cCommon FROM HH3C-OID-MIB
        OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY, Integer32, IpAddress
            FROM SNMPv2-SMI
        ;

hh3cAFC  MODULE-IDENTITY
    LAST-UPDATED "200807230000Z"
    ORGANIZATION "New H3C Technologies Co., Ltd."
    CONTACT-INFO
        "PLAT Team New H3C Technologies Co.,Ltd.
        Shang-Di Information Industry Base,
        Hai-Dian District Beijing P.R. China
        http://www.h3c.com
        Zip:100085"
    DESCRIPTION
        "This MIB is to provide the definition of Abnormal Flow Clean system."
    REVISION "200807230000Z"
    DESCRIPTION
        "The Initial Version of this MIB module."
    ::= { hh3cCommon 85 }


hh3cAFCLeaf OBJECT IDENTIFIER ::= {hh3cAFC  1}

--
-- DDOS ATTACK 'Target IP' OBJECT
--

hh3cDDosAttackTargetIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the victim of a DDos attack.  The IP Address is in the list
        of protected IP address."
    ::= {hh3cAFCLeaf 1}

--
-- DDOS ATTACK 'Attack type' OBJECT
--

hh3cDDosAttackType OBJECT-TYPE
    SYNTAX      INTEGER{
                land(1),
                smurf(2),
                fraggle(3),
                winnuke(4),
                synflood(5),
                icmpflood(6),
                udpflood(7),
                icmpredirect(8),
                icmpunreachable(9),
                tracert(11),
                tcpflag(12),
                pingofdeath(13),
                teardrop(14),
                ipfragment(15),
                largeicmp(18),
                sourceroute(19),
                routerecord(20),
                fragflood(24),
                scan(27),
                appstreamalarm(29),
                sessionstreamalarm(30),
                tcpabnormal(32),
                ipfragabnormal(33),
                tftpabnormal(34),
                dnsabnormal(35),
                httpabnormal(36),
                telnetabnormal(37),
                ftpabnormal(38),
                smtpabnormal(39),
                pop3abnormal(40),
                snmpabnormal(41),
                ackabnormal(42),
                cc(43),
                otherabnormal(1024)
                }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the attack type which the victim is sufferd."
    ::= {hh3cAFCLeaf 2}

--
-- DDOS ATTACK 'Attack policy' OBJECT
--

hh3cDDosAttackPolicy OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..80))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the policy name which detects the DDos Attack."
    ::= {hh3cAFCLeaf 3}
    
--
-- DDOS ATTACK 'Attack threshold' OBJECT
--

hh3cDDosAttackThreshold OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the policy threshold in the DDos Attack."
    ::= {hh3cAFCLeaf 4}

--
-- DDOS ATTACK 'Attack speed' OBJECT
--

hh3cDDosAttackSpeed OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the rate of policy in the DDos Attack."
    ::= {hh3cAFCLeaf 5}



-- **********************************************************************
-- Define enterprise repeater traps. Rules for traps are that any
-- varbind must be from a table in which the first qualifier on the
-- object id is the service identifier of the 'thing' causing the trap.
-- **********************************************************************
hh3cAFCNotify OBJECT IDENTIFIER ::= {hh3cAFC  2}

hh3cAFCNotifyPrefix OBJECT IDENTIFIER ::= { hh3cAFCNotify 0 }

hh3cDDosAttackStart NOTIFICATION-TYPE
    OBJECTS {
        hh3cDDosAttackTargetIP,
        hh3cDDosAttackType,
        hh3cDDosAttackPolicy,
        hh3cDDosAttackThreshold,
        hh3cDDosAttackSpeed
        }
    STATUS  current
    DESCRIPTION
        "This trap is sent when a DDos attack on specific IP is detected.
         The IP address of the victim is the first object.
         The exact type of the attack is the second object.
         The policy name which detects the attack is the third object.
         The threshold of the attack is the 4th object.
         The speed of the attack is the 5th object."
    ::= {hh3cAFCNotifyPrefix 1}


hh3cDDosAttackEnd NOTIFICATION-TYPE
    OBJECTS {
        hh3cDDosAttackTargetIP
        }
    STATUS  current
    DESCRIPTION
        "This trap is sent when a DDos Attack end.  The IP address of the
        victim is the very object."
    ::= {hh3cAFCNotifyPrefix 2}

END