-
Notifications
You must be signed in to change notification settings - Fork 3
/
A3COM-HUAWEI-AFC-MIB
executable file
·174 lines (152 loc) · 4.97 KB
/
A3COM-HUAWEI-AFC-MIB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
-- =================================================================
-- Copyright (C) 2008 by Hangzhou H3C TECHNOLOGIES. All rights reserved.
--
-- Description: This MIB is to provide the definition of
-- Abnormal Flow Clean system.
-- Reference:
-- Version: V1.0
-- History:
-- V1.0 2008-07-23, Created by luohaijun
-- =================================================================
A3COM-HUAWEI-AFC-MIB DEFINITIONS ::= BEGIN
IMPORTS
h3cCommon FROM A3COM-HUAWEI-OID-MIB
OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY, Integer32, IpAddress
FROM SNMPv2-SMI
;
h3cAFC MODULE-IDENTITY
LAST-UPDATED "200807230000Z"
ORGANIZATION "H3C Technologies Co., Ltd."
CONTACT-INFO
"PLAT Team Hangzhou H3C Technologies Co.,Ltd.
Shang-Di Information Industry Base,
Hai-Dian District Beijing P.R. China
http://www.h3c.com
Zip:100085"
DESCRIPTION
"This MIB is to provide the definition of Abnormal Flow Clean system."
REVISION "200807230000Z"
DESCRIPTION
"The Initial Version of this MIB module."
::= { h3cCommon 85 }
h3cAFCLeaf OBJECT IDENTIFIER ::= {h3cAFC 1}
--
-- DDOS ATTACK 'Target IP' OBJECT
--
h3cDDosAttackTargetIP OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the victim of a DDos attack. The IP Address is in the list
of protected IP address."
::= {h3cAFCLeaf 1}
--
-- DDOS ATTACK 'Attack type' OBJECT
--
h3cDDosAttackType OBJECT-TYPE
SYNTAX INTEGER{
land(1),
smurf(2),
fraggle(3),
winnuke(4),
synflood(5),
icmpflood(6),
udpflood(7),
icmpredirect(8),
icmpunreachable(9),
tracert(11),
tcpflag(12),
pingofdeath(13),
teardrop(14),
ipfragment(15),
largeicmp(18),
sourceroute(19),
routerecord(20),
fragflood(24),
scan(27),
appstreamalarm(29),
sessionstreamalarm(30),
tcpabnormal(32),
ipfragabnormal(33),
tftpabnormal(34),
dnsabnormal(35),
httpabnormal(36),
telnetabnormal(37),
ftpabnormal(38),
smtpabnormal(39),
pop3abnormal(40),
snmpabnormal(41),
ackabnormal(42),
cc(43),
otherabnormal(1024)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the attack type which the victim is sufferd."
::= {h3cAFCLeaf 2}
--
-- DDOS ATTACK 'Attack policy' OBJECT
--
h3cDDosAttackPolicy OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..80))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the policy name which detects the DDos Attack."
::= {h3cAFCLeaf 3}
--
-- DDOS ATTACK 'Attack threshold' OBJECT
--
h3cDDosAttackThreshold OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the policy threshold in the DDos Attack."
::= {h3cAFCLeaf 4}
--
-- DDOS ATTACK 'Attack speed' OBJECT
--
h3cDDosAttackSpeed OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This shows the rate of policy in the DDos Attack."
::= {h3cAFCLeaf 5}
-- **********************************************************************
-- Define enterprise repeater traps. Rules for traps are that any
-- varbind must be from a table in which the first qualifier on the
-- object id is the service identifier of the 'thing' causing the trap.
-- **********************************************************************
h3cAFCNotify OBJECT IDENTIFIER ::= {h3cAFC 2}
h3cAFCNotifyPrefix OBJECT IDENTIFIER ::= { h3cAFCNotify 0 }
h3cDDosAttackStart NOTIFICATION-TYPE
OBJECTS {
h3cDDosAttackTargetIP,
h3cDDosAttackType,
h3cDDosAttackPolicy,
h3cDDosAttackThreshold,
h3cDDosAttackSpeed
}
STATUS current
DESCRIPTION
"This trap is sent when a DDos attack on specific IP is detected.
The IP address of the victim is the first object.
The exact type of the attack is the second object.
The policy name which detects the attack is the third object.
The threshold of the attack is the 4th object.
The speed of the attack is the 5th object."
::= {h3cAFCNotifyPrefix 1}
h3cDDosAttackEnd NOTIFICATION-TYPE
OBJECTS {
h3cDDosAttackTargetIP
}
STATUS current
DESCRIPTION
"This trap is sent when a DDos Attack end. The IP address of the
victim is the very object."
::= {h3cAFCNotifyPrefix 2}
END