-- BLUECOAT-SG-ATTACK-MIB: SMIv2 module that exposes a table of detected
-- attacks (name, status, time of occurrence) and a single notification that
-- is generated when an attack starts and again when it ends.
-- The module is rooted at { blueCoatMgmt 3 }.
-- NOTE(review): the module contains no OBJECT-GROUP, NOTIFICATION-GROUP or
-- MODULE-COMPLIANCE statements; strict MIB checkers may report that.
-- NOTE(review): transport and access control (SNMP version, community or
-- user configuration) are outside this module. Attack state is operational
-- security data, so confirm on the agent who is allowed to read it.
BLUECOAT-SG-ATTACK-MIB DEFINITIONS ::= BEGIN
-- SMI macros and Integer32 come from SNMPv2-SMI, the textual conventions
-- from SNMPv2-TC, and the enterprise anchor node from BLUECOAT-MIB.
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TimeStamp, DisplayString
FROM SNMPv2-TC
blueCoatMgmt
FROM BLUECOAT-MIB;
-- Module identity. LAST-UPDATED equals the newest REVISION clause below.
deviceAttackMIB MODULE-IDENTITY
LAST-UPDATED "200711050300Z"
ORGANIZATION "Blue Coat Systems, Inc."
CONTACT-INFO "support.services@bluecoat.com
http://www.bluecoat.com"
DESCRIPTION "The Blue Coat Attack MIB is used to monitor
possible protocol attacks by hackers."
REVISION "200711050300Z"
DESCRIPTION "Minor corrections and reformatting."
REVISION "200211060300Z"
DESCRIPTION "Initial revision of this MIB."
::= { blueCoatMgmt 3 }
-- Subtree for managed objects (the attack table lives under it).
deviceAttackMIBObjects
OBJECT IDENTIFIER ::= { deviceAttackMIB 1 }
-- Subtree for notifications.
deviceAttackMIBNotifications
OBJECT IDENTIFIER ::= { deviceAttackMIB 2 }
-- Zero-valued sub-identifier under the notifications subtree; the
-- notification below is registered beneath it. Presumably this follows the
-- SMIv2 convention that keeps notification OIDs translatable to SNMPv1 traps.
deviceAttackMIBNotificationsPrefix
OBJECT IDENTIFIER ::= { deviceAttackMIBNotifications 0 }
-- textual conventions
-- AttackStatus: two-valued enumeration shared by the status column and the
-- notification. There is no value for an unknown or indeterminate state.
AttackStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Indicates the status of the attack.
noAttack(1) - no attack.
underAttack(2) - attack in progress."
SYNTAX INTEGER {
noAttack(1),
underAttack(2)
}
--
-- MIB variables
--
deviceAttackValues
OBJECT IDENTIFIER ::= { deviceAttackMIBObjects 1 }
--
-- deviceAttackTable
--
-- Conceptual table with one row per attack. Every column defined below is
-- either not-accessible or read-only, so this module defines no writable
-- object: a manager can observe attack state but cannot set or clear it
-- through these objects.
deviceAttackTable OBJECT-TYPE
SYNTAX SEQUENCE OF DeviceAttackEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "This table lists the various attacks that are
detected."
::= { deviceAttackValues 1 }
-- Row definition, indexed by deviceAttackIndex alone.
deviceAttackEntry OBJECT-TYPE
SYNTAX DeviceAttackEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "A deviceAttack entry describes the
present state of an attack."
INDEX { deviceAttackIndex }
::= { deviceAttackTable 1 }
-- Column list for one row.
-- NOTE(review): deviceAttackIndex is declared INTEGER here but
-- Integer32 (1..2147483647) in its OBJECT-TYPE below; strict MIB checkers
-- may flag the differing spelling.
DeviceAttackEntry ::= SEQUENCE {
deviceAttackIndex INTEGER,
deviceAttackName DisplayString,
deviceAttackStatus AttackStatus,
deviceAttackTime TimeStamp
}
-- Row index, positive 31-bit range. Being not-accessible it is never
-- returned as a value of its own; it appears only as the instance suffix of
-- the other columns.
deviceAttackIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An arbitrary value which uniquely identifies an attack."
::= { deviceAttackEntry 1 }
-- Human-readable attack name, read-only. The DESCRIPTION gives SYN Flood as
-- an example; the full set of names the agent can report is not defined here.
-- NOTE(review): the value is device-supplied text; a collector that logs or
-- renders it should handle it as untrusted data, and alert rules that match
-- on exact names should be confirmed against the agent's actual output.
deviceAttackName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The textual name of the attack i.e. SYN Flood."
::= { deviceAttackEntry 2 }
-- Current state of the row's attack, read-only. The DESCRIPTION states that
-- the value after start-up is noAttack(1), so this module does not carry
-- attack state across an agent restart.
deviceAttackStatus OBJECT-TYPE
SYNTAX AttackStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION "noAttack(1) not under attack, underAttack(2) attack in progress.
The default start-up value is noAttack(1)."
::= { deviceAttackEntry 3 }
-- sysUpTime.0 captured at the time of the attack, in hundredths of a second.
-- This is a tick count relative to agent start, not a wall-clock time: to
-- place the event on a timeline a collector has to combine it with the
-- agent's current sysUpTime and its own clock.
-- NOTE(review): the DESCRIPTION does not say whether the value marks the
-- start of the attack, its end, or the latest status change; confirm on the
-- device before using it for incident timelines.
deviceAttackTime OBJECT-TYPE
SYNTAX TimeStamp
UNITS "Hundredths of seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of 'sysUpTime.0' at the time of the attack."
::= { deviceAttackEntry 4 }
--
-- notifications
--
-- One notification type serves both transitions: it is sent with
-- underAttack(2) when an attack starts and with noAttack(1) when it ends.
-- Alerting logic therefore has to read the deviceAttackStatus varbind and
-- must not treat every deviceAttackTrap as an alarm.
-- OBJECTS carries the name and status only; deviceAttackTime is not
-- included, so a receiver that needs the timestamp has to read the table.
-- NOTE(review): whether the agent delivers this as a trap or as an inform is
-- not defined here. If it is sent as a trap, delivery is unacknowledged and
-- a lost end-of-attack message leaves the receiver's state stale; polling
-- deviceAttackStatus is the way to confirm the current state.
deviceAttackTrap NOTIFICATION-TYPE
OBJECTS { deviceAttackName, deviceAttackStatus }
STATUS current
DESCRIPTION "At the start of an attack a notification is
generated with 'deviceAttackStatus = underAttack(2)'.
At the end of an attack a notification is generated with
'deviceAttackStatus = noAttack(1)'."
::= { deviceAttackMIBNotificationsPrefix 1 }
END