-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathNS-TRAPS
428 lines (407 loc) · 14.3 KB
/
NS-TRAPS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.
NETSCREEN-TRAP-MIB DEFINITIONS ::= BEGIN
IMPORTS
netscreenTrap, netscreenTrapInfo
FROM NETSCREEN-SMI
MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE
FROM SNMPv2-SMI
DisplayString
FROM SNMPv2-TC
;
netscreenTrapMibModule MODULE-IDENTITY
LAST-UPDATED "200503032022Z" -- March 03, 2005
ORGANIZATION
"Juniper Networks, Inc."
CONTACT-INFO
"Customer Support
1194 North Mathilda Avenue
Sunnyvale, California 94089-1206
USA
Tel: 1-800-638-8296
E-mail: [email protected]
HTTP://www.juniper.net"
DESCRIPTION
"Added 5 new trap types - 800-804. Removed 1000."
REVISION "200510170000Z" -- Oct 17, 2005
DESCRIPTION
"Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103),
ids-icmp-ping-id-zero(441)."
REVISION "200503030000Z" -- March 03, 2005
DESCRIPTION
"Trap MIB"
REVISION "200409100000Z" -- Sep 10, 2004
DESCRIPTION
"Removed nsTrapType 3, 15,18,19 and 1000"
REVISION "200405030000Z" -- May 03, 2004
DESCRIPTION
"Modified copyright and contact information"
REVISION "200403030000Z" -- March 03, 2004
DESCRIPTION
"Converted to SMIv2 by Longview Software"
REVISION "200401230000Z" -- January 23, 2004
DESCRIPTION
"Add new traps (430~434)"
REVISION "200109280000Z" -- September 28, 2001
DESCRIPTION
"Add global-report manager specific trap"
REVISION "200008020000Z" -- August 02, 2000
DESCRIPTION
"Creation Date"
::= { netscreenTrapInfo 0 }
netscreenTrapHw NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of hardware problem has
occured."
::= { netscreenTrap 100 }
netscreenTrapFw NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of firewall functions has
been triggered."
::= { netscreenTrap 200 }
netscreenTrapSw NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of software problem has
occured."
::= { netscreenTrap 300 }
netscreenTrapTrf NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of traffic conditions has
been triggered."
::= { netscreenTrap 400 }
netscreenTrapVpn NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that VPN tunnel status has occured."
::= { netscreenTrap 500 }
netscreenTrapNsrp NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that NSRP status has occured."
::= { netscreenTrap 600 }
netscreenTrapGPRO NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of Global PRO problems has
occurred."
::= { netscreenTrap 700 }
netscreenTrapDrp NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that Drp status has occured."
::= { netscreenTrap 800 }
netscreenTrapIFFailover NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that interface fail over status has
occured."
::= { netscreenTrap 900 }
netscreenTrapIDPAttack NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that IDP attack status has occured."
::= { netscreenTrap 1000 }
netscreenTrapType OBJECT-TYPE
SYNTAX INTEGER {
-- Traffic per-second threshold
traffic-sec(1),
-- Traffic per-minute threshold
traffic-min(2),
-- Winnuke pak
winnuke(4),
-- Syn attack
syn-attack(5),
-- tear-drop attack
tear-drop(6),
-- Ping of Death attack
ping-death(7),
-- IP spoofing attack
ip-spoofing(8),
-- IP source routing attack
ip-src-route(9),
-- land attack
land(10),
-- ICMP flooding attack
icmp-flood(11),
-- UDP flooding attack
udp-flood(12),
-- Illegal server IP to connect to CMS port
illegal-cms-svr(13),
-- URL blocking server connection alarm
url-block-srv(14),
-- Port Scan attack
port-scan(16),
-- address sweep attack
addr-sweep(17),
-- memory low
low-memory(20),
-- DNS server unreachable
dns-srv-down(21),
-- Fan, Power Supply failure
generic-HW-fail(22),
-- Load balance server unreachable
lb-srv-down(23),
-- log buffer overflow
log-full(24),
-- X509 related
x509(25),
-- VPN and IKE related
vpn-ike(26),
-- admin realted
admin(27),
-- Illegal src ip to connect to sme port
sme(28),
-- DHCP related
dhcp(29),
-- CPU usage is high
cpu-usage-high(30),
-- Interface IP conflict
ip-conflict(31),
-- Microsoft IIS server vulnerability
attact-malicious-url(32),
-- session threshold is exceeded
session-threshold(33),
-- SSH related alarms
ssh-alarm(34),
-- VPN tunnel from down to up
vpn-tunnel-up(40),
-- VPN tunnel from up to down
vpn-tunnel-down(41),
-- VPN replay detected
vpn-replay-attack(42),
-- VPN tunnel removed
vpn-l2tp-tunnel-remove(43),
-- VPN tunnel removed and error detected
vpn-l2tp-tunnel-remove-err(44),
-- VPN call removed
vpn-l2tp-call-remove(45),
-- VPN call removed and error detected
vpn-l2tp-call-remove-err(46),
-- Number of IAS exceeds configured maximum
vpn-ias-too-many(47),
-- Number of IAS crossed configured upper threshold
vpn-ias-over-threshold(48),
-- Number of IAS crossed configured lower threshold
vpn-ias-under-threshold(49),
-- IKE error occured for the IAS session
vpn-ias-ike-error(50),
-- allocated session exceed threshold
allocated-session-threshold(51),
-- AV Scan Manager Alarm, sofeware trap
av-scan-mgr(554),
-- NSRP rto self unit status change from up to down
nsrp-rto-up(60),
-- NSRP rto self unit status change from down to up
nsrp-rto-down(61),
-- NSRP track ip successed
nsrp-trackip-success(62),
-- NSRP track ip failed
nsrp-trackip-failed(63),
-- NSRP track ip fail over
nsrp-trackip-failover(64),
-- NSRP inconsistent configuration between master and backup
nsrp-inconsistent-configuration(65),
-- NSRP vsd group status change to elect
nsrp-vsd-init(70),
-- NSRP vsd group status change to master
nsrp-vsd-master(71),
-- NSRP vsd group status change to primary backup
nsrp-vsd-pbackup(72),
-- NSRP vsd group status change to backup
nsrp-vsd-backup(73),
-- NSRP vsd group status change to ineligible
nsrp-vsd-ineligible(74),
-- NSRP VSD group status change to inoperable
nsrp-vsd-inoperable(75),
-- NSRP VSD request heartbeat from 2nd HA path
nsrp-vsd-req-hearbeat-2nd(76),
-- NSRP VSD reply to 2nd path request
nsrp-vsd-reply-2nd(77),
-- NSRP duplicated RTO group found
nsrp-rto-duplicated(78),
-- DC fails to re-connect to MC
dc-fail-reconnect-mc(79),
-- MC fails to re-connect to Db
mc-fail-reconnect-db(80),
-- DC fails to initialize
dc-fail-init(81),
-- MC fails to initialize
mc-fail-init(82),
-- Unknown device trying to connect to a DC
unknown-connect-attempt-dc(83),
-- DC has been reinitialized/restarted (similar meaning as the cold
-- start trap generated by the device)
dc-reinit(84),
-- MC has been restarted
mc-reinit(85),
-- DC fails to authenticate to a device
dc-fail-auth(86),
-- DC / MC are not running the same version
dc-mc-version-unmatch(87),
-- DC's traffic log files are full
dc-log-full(88),
-- NetScreen device connected to Global PRO
device-connect-dc(89),
-- NetScreen device dis-connected from Global PRO
device-disconnect-dc(90),
-- A USB key is plug/unplug from USB port
usb-device-operation(93),
-- No ppp IP pool configured
ppp-no-ip-cfg(95),
-- IP pool exhausted. No ip to assign
ppp-no-ip-in-pool(96),
-- Interface IPv6 address conflict
ipv6-conflict(101),
-- DIP utilization reaches raised threshold limit
dip-util-raise(102),
-- DIP utilization reaches clear threshold limit
dip-util-clear(103),
-- Errors in route module (exceed limit, malloc failure, add-perfix failure etc)
route-alarm(205),
-- LSA/Hello packets flood in OSPF, route redistribution exceed limit,
ospf-flood(206),
-- Update packet floods in RIP
rip-flood(207),
-- Peer forms adjacency completely
bgp-established(208),
-- Peer's adjacency is torn down, goes to Idle state
bgp-backwardtransition(209),
-- change in virtual link's state (down, point-to-point etc)
ospf-virtifstatechange(210),
-- change in neighbor's state on regular interface (down, 2way, full etc)
ospf-nbrstatechange(211),
-- change in neighbor's state on virtual link (down, full etc)
ospf-virtnbrstatechange(212),
-- authentication mismatch/area mismatch etc on regular interface
ospf-ifconfigerror(213),
-- authentication mismatch/area mismatch etc on virtual link
ospf-virtifconfigerror(214),
-- Authentication eror on regular interface
ospf-ifauthfailure(215),
-- Authentication eror on virtual link
ospf-virtifauthfailure(216),
-- lsa received with invalid lsa-type on regular interface
ospf-ifrxbadpacket(217),
-- lsa received with invalid lsa-type on virtual link
ospf-virtifrxbadpacket(218),
-- retransmission to neighbor on regular interface
ospf-txretransmit(219),
-- retransmission to neighbor on virtual link
ospf-virtiftxretransmit(220),
-- new LSA generated by local router
ospf-originatelsa(221),
-- LSA aged out
ospf-maxagelsa(222),
-- when total LSAs in database exceed predefined limit
ospf-lsdboverflow(223),
-- when total LSAs in database approach predefined limit
ospf-lsdbapproachingoverflow(224),
-- change in regular interface state (up/down, dr/bdr etc)
ospf-ifstatechange(225),
-- block java/active-x component
ids-component(400),
-- icmp flood attack
ids-icmp-flood(401),
-- udp flood attack
ids-udp-flood(402),
-- winnuke attack
ids-winnuke(403),
-- port scan attack
ids-port-scan(404),
-- address sweep attack
ids-addr-sweep(405),
-- tear drop attack
ids-tear-drop(406),
-- syn flood attack
ids-syn(407),
-- ip spoofing attack
ids-ip-spoofing(408),
-- ping of death attack
ids-ping-death(409),
-- filter ip packet with source route option
ids-ip-source-route(410),
-- land attack
ids-land(411),
-- screen syn fragment attack
syn-frag-attack(412),
-- screen tcp packet without flag attack
tcp-without-flag(413),
-- screen unknown ip packet
unknow-ip-packet(414),
-- screen bad ip option
bad-ip-option(415),
-- Dst IP-based session limiting
dst-ip-session-limit(430),
-- HTTP component blocking for .zip files
ids-block-zip(431),
-- HTTP component blocking for Java applets
ids-block-jar(432),
-- HTTP component blocking for .exe files
ids-block-exe(433),
-- HTTP component blocking for ActiveX controls
ids-block-activex(434),
-- screen icmp fragment packet
icmp-fragment(435),
-- screen too large icmp packet
too-large-icmp(436),
-- screen tcp flag syn-fin set
tcp-syn-fin(437),
-- screen tcp fin without ack
tcp-fin-no-ack(438),
-- avoid replying to syns after excessive 3 way TCP handshakes from
-- same src ip but not proceeding with user auth. (not replying to
-- username/password)..
ids-tcp-syn-ack-ack(439),
-- ip fragment
ids-ip-block-frag(440),
-- icmp ping id 0
ids-icmp-ping-id-zero(441),
--Shared to fair transition forced
cpu-limit-s2f-forced(800),
--Shared to fair transition auto
cpu-limit-s2f-auto(801),
--Fair to shared transition forced
cpu-limit-f2s-forced(802),
--Fair to shared transition because of timeout
cpu-limit-f2s-timeout(803),
--Fair to shared transition auto
cpu-limit-f2s-auto(804)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The integer value of the raised alarm type. Note that the type
should be interpreted within a specific trap"
::= { netscreenTrapInfo 1 }
netscreenTrapDesc OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..255))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The textual description of the alarm"
::= { netscreenTrapInfo 3 }
END