1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
|
-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.
NETSCREEN-TRAP-MIB DEFINITIONS ::= BEGIN
IMPORTS
netscreenTrap, netscreenTrapInfo
FROM NETSCREEN-SMI
MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE
FROM SNMPv2-SMI
DisplayString
FROM SNMPv2-TC
;
netscreenTrapMibModule MODULE-IDENTITY
LAST-UPDATED "200503032022Z" -- March 03, 2005
ORGANIZATION
"Juniper Networks, Inc."
CONTACT-INFO
"Customer Support
1194 North Mathilda Avenue
Sunnyvale, California 94089-1206
USA
Tel: 1-800-638-8296
E-mail: customerservice@juniper.net
HTTP://www.juniper.net"
DESCRIPTION
"Added trap types 15, it is still in use"
REVISION "200803170000Z" -- Mar 17, 2008
DESCRIPTION
"Added 5 new trap types - 800-804. Removed 1000."
REVISION "200510170000Z" -- Oct 17, 2005
DESCRIPTION
"Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103),
ids-icmp-ping-id-zero(441)."
REVISION "200503030000Z" -- March 03, 2005
DESCRIPTION
"Trap MIB"
REVISION "200409100000Z" -- Sep 10, 2004
DESCRIPTION
"Removed nsTrapType 3, 15,18,19 and 1000"
REVISION "200405030000Z" -- May 03, 2004
DESCRIPTION
"Modified copyright and contact information"
REVISION "200403030000Z" -- March 03, 2004
DESCRIPTION
"Converted to SMIv2 by Longview Software"
REVISION "200401230000Z" -- January 23, 2004
DESCRIPTION
"Add new traps (430~434)"
REVISION "200109280000Z" -- September 28, 2001
DESCRIPTION
"Add global-report manager specific trap"
REVISION "200008020000Z" -- August 02, 2000
DESCRIPTION
"Creation Date"
::= { netscreenTrapInfo 0 }
netscreenTrapHw NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of hardware problem has
occured."
::= { netscreenTrap 100 }
netscreenTrapFw NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of firewall functions has
been triggered."
::= { netscreenTrap 200 }
netscreenTrapSw NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of software problem has
occured."
::= { netscreenTrap 300 }
netscreenTrapTrf NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of traffic conditions has
been triggered."
::= { netscreenTrap 400 }
netscreenTrapVpn NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that VPN tunnel status has occured."
::= { netscreenTrap 500 }
netscreenTrapNsrp NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that NSRP status has occured."
::= { netscreenTrap 600 }
netscreenTrapGPRO NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that some kind of Global PRO problems has
occurred."
::= { netscreenTrap 700 }
netscreenTrapDrp NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that Drp status has occured."
::= { netscreenTrap 800 }
netscreenTrapIFFailover NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that interface fail over status has
occured."
::= { netscreenTrap 900 }
netscreenTrapIDPAttack NOTIFICATION-TYPE
OBJECTS
{ netscreenTrapType, netscreenTrapDesc }
STATUS current
DESCRIPTION
"This trap indicates that IDP attack status has occured."
::= { netscreenTrap 1000 }
netscreenTrapType OBJECT-TYPE
SYNTAX INTEGER {
-- Traffic per-second threshold
traffic-sec(1),
-- Traffic per-minute threshold
traffic-min(2),
-- Multiple user auth fail alarm type
multi-auth-fail(3),
-- Winnuke pak
winnuke(4),
-- Syn attack
syn-attack(5),
-- tear-drop attack
tear-drop(6),
-- Ping of Death attack
ping-death(7),
-- IP spoofing attack
ip-spoofing(8),
-- IP source routing attack
ip-src-route(9),
-- land attack
land(10),
-- ICMP flooding attack
icmp-flood(11),
-- UDP flooding attack
udp-flood(12),
-- Illegal server IP to connect to CMS port
illegal-cms-svr(13),
-- URL blocking server connection alarm
url-block-srv(14),
-- high availability
high-availability(15),
-- Port Scan attack
port-scan(16),
-- address sweep attack
addr-sweep(17),
-- deny by policy attack
deny-policy(18),
-- device is dead
device-dead(19)
-- memory low
low-memory(20),
-- DNS server unreachable
dns-srv-down(21),
-- Fan, Power Supply failure
generic-HW-fail(22),
-- Load balance server unreachable
lb-srv-down(23),
-- log buffer overflow
log-full(24),
-- X509 related
x509(25),
-- VPN and IKE related
vpn-ike(26),
-- admin realted
admin(27),
-- Illegal src ip to connect to sme port
sme(28),
-- DHCP related
dhcp(29),
-- CPU usage is high
cpu-usage-high(30),
-- Interface IP conflict
ip-conflict(31),
-- Microsoft IIS server vulnerability
attact-malicious-url(32),
-- session threshold is exceeded
session-threshold(33),
-- SSH related alarms
ssh-alarm(34),
-- Audit storage related alarms
audit-storage(35),
-- memory normal
memory-normal(36),
-- cpu usage normal
cpu-usage-normal(37)
-- driver's rx bd shortage
rxbd-low-alarm(39),
-- VPN tunnel from down to up
vpn-tunnel-up(40),
-- VPN tunnel from up to down
vpn-tunnel-down(41),
-- VPN replay detected
vpn-replay-attack(42),
-- VPN tunnel removed
vpn-l2tp-tunnel-remove(43),
-- VPN tunnel removed and error detected
vpn-l2tp-tunnel-remove-err(44),
-- VPN call removed
vpn-l2tp-call-remove(45),
-- VPN call removed and error detected
vpn-l2tp-call-remove-err(46),
-- Number of IAS exceeds configured maximum
vpn-ias-too-many(47),
-- Number of IAS crossed configured upper threshold
vpn-ias-over-threshold(48),
-- Number of IAS crossed configured lower threshold
vpn-ias-under-threshold(49),
-- IKE error occured for the IAS session
vpn-ias-ike-error(50),
-- allocated session exceed threshold
allocated-session-threshold(51),
-- av-csp related alarm
av-csp-alarm(52),
-- av related alarm
av-alarm(53),
-- apppry related alarm
apppry-alarm(54),
-- NSRP rto self unit status change from up to down
nsrp-rto-up(60),
-- NSRP rto self unit status change from down to up
nsrp-rto-down(61),
-- NSRP track ip successed
nsrp-trackip-success(62),
-- NSRP track ip failed
nsrp-trackip-failed(63),
-- NSRP track ip fail over
nsrp-trackip-failover(64),
-- NSRP inconsistent configuration between master and backup
nsrp-inconsistent-configuration(65),
-- track ip status related alarm
trackip-status(66),
-- NSRP vsd group status change to elect
nsrp-vsd-init(70),
-- NSRP vsd group status change to master
nsrp-vsd-master(71),
-- NSRP vsd group status change to primary backup
nsrp-vsd-pbackup(72),
-- NSRP vsd group status change to backup
nsrp-vsd-backup(73),
-- NSRP vsd group status change to ineligible
nsrp-vsd-ineligible(74),
-- NSRP VSD group status change to inoperable
nsrp-vsd-inoperable(75),
-- NSRP VSD request heartbeat from 2nd HA path
nsrp-vsd-req-hearbeat-2nd(76),
-- NSRP VSD reply to 2nd path request
nsrp-vsd-reply-2nd(77),
-- NSRP duplicated RTO group found
nsrp-rto-duplicated(78),
-- NSRP duplicated VSD group master
ip-dup-master(79),
-- MEM cannot find usable memory for current pool
di-heap-create-fail(80),
-- MEM cannot find usable in any pool
mem-alloc-fail(81),
-- VRRP status related alarm
vrrp-status-alarm(82),
-- SCCP related alarm
sccp-alarm(83),
-- MGCP related alarm
mgcp-reinit(84),
-- MLFR related alarm
mlfr-alarm(85),
-- FR related alarm
fr-alarm(86),
-- CISCO HDLC related alarm
cisco-hdlc-alarm(87),
-- PPPOW related alarm
pppow-alarm(88),
-- H323 related alarm
h323-alarm(89),
-- ISDN related alarm
isdn-alarm(90),
-- interface backup
interface-backup(91),
-- Card function is abnormal
wan-card-function(92),
-- A USB key is plug/unplug from USB port
usb-device-operation(93),
-- interface failure
interface-failure(94),
-- No ppp IP pool configured
ppp-no-ip-cfg(95),
-- IP pool exhausted. No ip to assign
ppp-no-ip-in-pool(96),
-- Any change to interface IP address can use the type
ip-addr-event(101),
-- DIP utilization reaches raised threshold limit
dip-util-raise(102),
-- DIP utilization reaches clear threshold limit
dip-util-clear(103),
-- DOT1X related alarm
dot1x-alarm(105),
-- VPN IAS radius error
vpn-ias-radius-error(110),
-- VPN IKEID enum attack
vpn-ikeid-enum-attack(111),
-- VPN soft limit reached
vpn-softlimit-reached(112),
-- VPN IKE dos attack
vpn-ikedos-attack(113),
-- VPN acvpn profile error
vpn-acvpn-profile-error(114),
-- exceed maximum routing entry allowed for the system
route-sys-entry-ex(200),
-- exceed maximum routing entry allowed for a vr
route-vr-entry-ex(201),
-- exceed the hello packet threshold per hello interval
route-ospf-hello-flood(202),
-- exceed the lsa packet threshold per lsa threshold
route-ospf-lsa-flood(203),
-- exceed the update4 packet threshold per update time in rip
route-rip-update-flood(204),
-- Errors in route module (exceed limit, malloc failure, add-perfix failure etc)
route-alarm(205),
-- LSA/Hello packets flood in OSPF, route redistribution exceed limit,
ospf-flood(206),
-- Update packet floods in RIP
rip-flood(207),
-- Peer forms adjacency completely
bgp-established(208),
-- Peer's adjacency is torn down, goes to Idle state
bgp-backwardtransition(209),
-- change in virtual link's state (down, point-to-point etc)
ospf-virtifstatechange(210),
-- change in neighbor's state on regular interface (down, 2way, full etc)
ospf-nbrstatechange(211),
-- change in neighbor's state on virtual link (down, full etc)
ospf-virtnbrstatechange(212),
-- authentication mismatch/area mismatch etc on regular interface
ospf-ifconfigerror(213),
-- authentication mismatch/area mismatch etc on virtual link
ospf-virtifconfigerror(214),
-- Authentication eror on regular interface
ospf-ifauthfailure(215),
-- Authentication eror on virtual link
ospf-virtifauthfailure(216),
-- lsa received with invalid lsa-type on regular interface
ospf-ifrxbadpacket(217),
-- lsa received with invalid lsa-type on virtual link
ospf-virtifrxbadpacket(218),
-- retransmission to neighbor on regular interface
ospf-txretransmit(219),
-- retransmission to neighbor on virtual link
ospf-virtiftxretransmit(220),
-- new LSA generated by local router
ospf-originatelsa(221),
-- LSA aged out
ospf-maxagelsa(222),
-- when total LSAs in database exceed predefined limit
ospf-lsdboverflow(223),
-- when total LSAs in database approach predefined limit
ospf-lsdbapproachingoverflow(224),
-- change in regular interface state (up/down, dr/bdr etc)
ospf-ifstatechange(225),
-- BGP related alarm
bgp-alarm(226),
-- packet floods in RIPng
ripng-flood(227),
-- exceed the update4 packet threshold per update time in ripng
route-ripng-update-flood(228),
-- PBR related alarm
pbr-alarm(229),
-- NHRP related alarm
nhrp-alarm(230),
-- OSPFV3 related alarm
ospfv3-alarm(231),
-- block java/active-x component
ids-component(400),
-- icmp flood attack
ids-icmp-flood(401),
-- udp flood attack
ids-udp-flood(402),
-- winnuke attack
ids-winnuke(403),
-- port scan attack
ids-port-scan(404),
-- address sweep attack
ids-addr-sweep(405),
-- tear drop attack
ids-tear-drop(406),
-- syn flood attack
ids-syn(407),
-- ip spoofing attack
ids-ip-spoofing(408),
-- ping of death attack
ids-ping-death(409),
-- filter ip packet with source route option
ids-ip-source-route(410),
-- land attack
ids-land(411),
-- screen syn fragment attack
syn-frag-attack(412),
-- screen tcp packet without flag attack
tcp-without-flag(413),
-- screen unknown ip packet
unknow-ip-packet(414),
-- screen bad ip option
bad-ip-option(415),
-- screen ip option record
ip-option-record(416),
-- screen ip option timestamp
ip-option-timestamp(417),
-- screen ip option scht
ip-option-scht(418),
-- screen ip option lsr
ip-option-lsr(419),
-- screen ip option ssr
ip-option-ssr(420),
-- screen ip option stream
ip-option-stream(421),
-- screen icmp fragment packet
icmp-fragment(422),
-- screen too large icmp packet
too-large-icmp(423),
-- screen tcp flag syn-fin set
tcp-syn-fin(424),
-- screen tcp fin without ack
tcp-fin-no-ack(425),
-- screen mal url
tcp-mal-url(426),
-- screen sess mal num
tcp-sess-mal-num(427),
-- avoid replying to syns after excessive 3 way TCP handshakes from
-- same src ip but not proceeding with user auth. (not replying to
-- username/password)..
ids-tcp-syn-ack-ack(428),
-- ip fragment
ids-ip-block-frag(429),
-- Dst IP-based session limiting
dst-ip-session-limit(430),
-- HTTP component blocking for .zip files
ids-block-zip(431),
-- HTTP component blocking for Java applets
ids-block-jar(432),
-- HTTP component blocking for .exe files
ids-block-exe(433),
-- HTTP component blocking for ActiveX controls
ids-block-activex(434),
-- screenos tcp syn mac
tcp-syn-mac(435),
-- screenos nac attack
ids-nac-attack(436),
-- icmp ping id 0
ids-icmp-ping-id-zero(441),
-- tcp sweep
tcp-sweep(442),
-- udp sweep
udp-sweep(443),
-- AV Scan Manager Alarm, sofeware trap
av-scan-mgr(554),
-- starting value for multicast alarm
mcast-base(600),
-- mcore related alarm
mcore-alarm(601),
-- spim related alarm
spim-alarm(602),
-- starting value for Security Module alarm
sm-base(700),
-- Security Module down detected
sm-down(701),
-- Security Module packet droped detected
sm-packet-drop(702),
-- Security Module memory, CPU and session detected
sm-overload(703),
-- Security Module CPU unresponsive detected
sm-cpu-unresponsive(704),
-- Security Module Engine unresponisve
sm-cpu-unresponsive(705),
-- Secruity Module Policy Abnormal
sm-policy-abnormal(706),
-- switch alarm
switch(751),
-- sfp alarm
sfp(752),
--Shared to fair transition forced
cpu-limit-s2f-forced(800),
--Shared to fair transition auto
cpu-limit-s2f-auto(801),
--Fair to shared transition forced
cpu-limit-f2s-forced(802),
--Fair to shared transition because of timeout
cpu-limit-f2s-timeout(803),
--Fair to shared transition auto
cpu-limit-f2s-auto(804),
--Flow potential violation
sec-potential-voilation(805),
--Flow session cache alarm
flow-sess-cache(806),
--vsys session limit alarm
vsys-session-limit(850)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The integer value of the raised alarm type. Note that the type
should be interpreted within a specific trap"
::= { netscreenTrapInfo 1 }
netscreenTrapDesc OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..255))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The textual description of the alarm"
::= { netscreenTrapInfo 3 }
END
|
