MIBS/comware/HH3C-AFC-MIB


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

-- =================================================================
-- Copyright (C) 2008 New H3C Tech. Co., Ltd. All rights reserved.
--
-- Description: This MIB is to provide the definition of
--              Abnormal Flow Clean system.
-- Reference:
-- Version: V1.0
-- History:
--   V1.0 2008-07-23, Created by luohaijun
-- =================================================================
HH3C-AFC-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        hh3cCommon FROM HH3C-OID-MIB
        OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY, Integer32, IpAddress
            FROM SNMPv2-SMI
        ;

hh3cAFC  MODULE-IDENTITY
    LAST-UPDATED "200807230000Z"
    ORGANIZATION "New H3C Technologies Co., Ltd."
    CONTACT-INFO
        "PLAT Team New H3C Technologies Co.,Ltd.
        Shang-Di Information Industry Base,
        Hai-Dian District Beijing P.R. China
        http://www.h3c.com
        Zip:100085"
    DESCRIPTION
        "This MIB is to provide the definition of Abnormal Flow Clean system."
    REVISION "200807230000Z"
    DESCRIPTION
        "The Initial Version of this MIB module."
    ::= { hh3cCommon 85 }


hh3cAFCLeaf OBJECT IDENTIFIER ::= {hh3cAFC  1}

--
-- DDOS ATTACK 'Target IP' OBJECT
--

hh3cDDosAttackTargetIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the victim of a DDos attack.  The IP Address is in the list
        of protected IP address."
    ::= {hh3cAFCLeaf 1}

--
-- DDOS ATTACK 'Attack type' OBJECT
--

hh3cDDosAttackType OBJECT-TYPE
    SYNTAX      INTEGER{
                land(1),
                smurf(2),
                fraggle(3),
                winnuke(4),
                synflood(5),
                icmpflood(6),
                udpflood(7),
                icmpredirect(8),
                icmpunreachable(9),
                tracert(11),
                tcpflag(12),
                pingofdeath(13),
                teardrop(14),
                ipfragment(15),
                largeicmp(18),
                sourceroute(19),
                routerecord(20),
                fragflood(24),
                scan(27),
                appstreamalarm(29),
                sessionstreamalarm(30),
                tcpabnormal(32),
                ipfragabnormal(33),
                tftpabnormal(34),
                dnsabnormal(35),
                httpabnormal(36),
                telnetabnormal(37),
                ftpabnormal(38),
                smtpabnormal(39),
                pop3abnormal(40),
                snmpabnormal(41),
                ackabnormal(42),
                cc(43),
                otherabnormal(1024)
                }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the attack type which the victim is sufferd."
    ::= {hh3cAFCLeaf 2}

--
-- DDOS ATTACK 'Attack policy' OBJECT
--

hh3cDDosAttackPolicy OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..80))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the policy name which detects the DDos Attack."
    ::= {hh3cAFCLeaf 3}
    
--
-- DDOS ATTACK 'Attack threshold' OBJECT
--

hh3cDDosAttackThreshold OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the policy threshold in the DDos Attack."
    ::= {hh3cAFCLeaf 4}

--
-- DDOS ATTACK 'Attack speed' OBJECT
--

hh3cDDosAttackSpeed OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the rate of policy in the DDos Attack."
    ::= {hh3cAFCLeaf 5}


-- **********************************************************************
-- Define enterprise repeater traps. Rules for traps are that any
-- varbind must be from a table in which the first qualifier on the
-- object id is the service identifier of the 'thing' causing the trap.
-- **********************************************************************
hh3cAFCNotify OBJECT IDENTIFIER ::= {hh3cAFC  2}

hh3cAFCNotifyPrefix OBJECT IDENTIFIER ::= { hh3cAFCNotify 0 }

hh3cDDosAttackStart NOTIFICATION-TYPE
    OBJECTS {
        hh3cDDosAttackTargetIP,
        hh3cDDosAttackType,
        hh3cDDosAttackPolicy,
        hh3cDDosAttackThreshold,
        hh3cDDosAttackSpeed
        }
    STATUS  current
    DESCRIPTION
        "This trap is sent when a DDos attack on specific IP is detected.
         The IP address of the victim is the first object.
         The exact type of the attack is the second object.
         The policy name which detects the attack is the third object.
         The threshold of the attack is the 4th object.
         The speed of the attack is the 5th object."
    ::= {hh3cAFCNotifyPrefix 1}


hh3cDDosAttackEnd NOTIFICATION-TYPE
    OBJECTS {
        hh3cDDosAttackTargetIP
        }
    STATUS  current
    DESCRIPTION
        "This trap is sent when a DDos Attack end.  The IP address of the
        victim is the very object."
    ::= {hh3cAFCNotifyPrefix 2}

END