-- Copyright (c) 1999-2004, Juniper Networks, Inc. -- All rights reserved. NETSCREEN-TRAP-MIB DEFINITIONS ::= BEGIN IMPORTS netscreenTrap, netscreenTrapInfo FROM NETSCREEN-SMI MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE FROM SNMPv2-SMI DisplayString FROM SNMPv2-TC ; netscreenTrapMibModule MODULE-IDENTITY LAST-UPDATED "200503032022Z" -- March 03, 2005 ORGANIZATION "Juniper Networks, Inc." CONTACT-INFO "Customer Support 1194 North Mathilda Avenue Sunnyvale, California 94089-1206 USA Tel: 1-800-638-8296 E-mail: customerservice@juniper.net HTTP://www.juniper.net" DESCRIPTION "Added 5 new trap types - 800-804. Removed 1000." REVISION "200510170000Z" -- Oct 17, 2005 DESCRIPTION "Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103), ids-icmp-ping-id-zero(441)." REVISION "200503030000Z" -- March 03, 2005 DESCRIPTION "Trap MIB" REVISION "200409100000Z" -- Sep 10, 2004 DESCRIPTION "Removed nsTrapType 3, 15,18,19 and 1000" REVISION "200405030000Z" -- May 03, 2004 DESCRIPTION "Modified copyright and contact information" REVISION "200403030000Z" -- March 03, 2004 DESCRIPTION "Converted to SMIv2 by Longview Software" REVISION "200401230000Z" -- January 23, 2004 DESCRIPTION "Add new traps (430~434)" REVISION "200109280000Z" -- September 28, 2001 DESCRIPTION "Add global-report manager specific trap" REVISION "200008020000Z" -- August 02, 2000 DESCRIPTION "Creation Date" ::= { netscreenTrapInfo 0 } netscreenTrapHw NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of hardware problem has occured." ::= { netscreenTrap 100 } netscreenTrapFw NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of firewall functions has been triggered." ::= { netscreenTrap 200 } netscreenTrapSw NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of software problem has occured." ::= { netscreenTrap 300 } netscreenTrapTrf NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of traffic conditions has been triggered." ::= { netscreenTrap 400 } netscreenTrapVpn NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that VPN tunnel status has occured." ::= { netscreenTrap 500 } netscreenTrapNsrp NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that NSRP status has occured." ::= { netscreenTrap 600 } netscreenTrapGPRO NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of Global PRO problems has occurred." ::= { netscreenTrap 700 } netscreenTrapDrp NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that Drp status has occured." ::= { netscreenTrap 800 } netscreenTrapIFFailover NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that interface fail over status has occured." ::= { netscreenTrap 900 } netscreenTrapIDPAttack NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that IDP attack status has occured." ::= { netscreenTrap 1000 } netscreenTrapType OBJECT-TYPE SYNTAX INTEGER { -- Traffic per-second threshold traffic-sec(1), -- Traffic per-minute threshold traffic-min(2), -- Winnuke pak winnuke(4), -- Syn attack syn-attack(5), -- tear-drop attack tear-drop(6), -- Ping of Death attack ping-death(7), -- IP spoofing attack ip-spoofing(8), -- IP source routing attack ip-src-route(9), -- land attack land(10), -- ICMP flooding attack icmp-flood(11), -- UDP flooding attack udp-flood(12), -- Illegal server IP to connect to CMS port illegal-cms-svr(13), -- URL blocking server connection alarm url-block-srv(14), -- Port Scan attack port-scan(16), -- address sweep attack addr-sweep(17), -- memory low low-memory(20), -- DNS server unreachable dns-srv-down(21), -- Fan, Power Supply failure generic-HW-fail(22), -- Load balance server unreachable lb-srv-down(23), -- log buffer overflow log-full(24), -- X509 related x509(25), -- VPN and IKE related vpn-ike(26), -- admin realted admin(27), -- Illegal src ip to connect to sme port sme(28), -- DHCP related dhcp(29), -- CPU usage is high cpu-usage-high(30), -- Interface IP conflict ip-conflict(31), -- Microsoft IIS server vulnerability attact-malicious-url(32), -- session threshold is exceeded session-threshold(33), -- SSH related alarms ssh-alarm(34), -- VPN tunnel from down to up vpn-tunnel-up(40), -- VPN tunnel from up to down vpn-tunnel-down(41), -- VPN replay detected vpn-replay-attack(42), -- VPN tunnel removed vpn-l2tp-tunnel-remove(43), -- VPN tunnel removed and error detected vpn-l2tp-tunnel-remove-err(44), -- VPN call removed vpn-l2tp-call-remove(45), -- VPN call removed and error detected vpn-l2tp-call-remove-err(46), -- Number of IAS exceeds configured maximum vpn-ias-too-many(47), -- Number of IAS crossed configured upper threshold vpn-ias-over-threshold(48), -- Number of IAS crossed configured lower threshold vpn-ias-under-threshold(49), -- IKE error occured for the IAS session vpn-ias-ike-error(50), -- allocated session exceed threshold allocated-session-threshold(51), -- AV Scan Manager Alarm, sofeware trap av-scan-mgr(554), -- NSRP rto self unit status change from up to down nsrp-rto-up(60), -- NSRP rto self unit status change from down to up nsrp-rto-down(61), -- NSRP track ip successed nsrp-trackip-success(62), -- NSRP track ip failed nsrp-trackip-failed(63), -- NSRP track ip fail over nsrp-trackip-failover(64), -- NSRP inconsistent configuration between master and backup nsrp-inconsistent-configuration(65), -- NSRP vsd group status change to elect nsrp-vsd-init(70), -- NSRP vsd group status change to master nsrp-vsd-master(71), -- NSRP vsd group status change to primary backup nsrp-vsd-pbackup(72), -- NSRP vsd group status change to backup nsrp-vsd-backup(73), -- NSRP vsd group status change to ineligible nsrp-vsd-ineligible(74), -- NSRP VSD group status change to inoperable nsrp-vsd-inoperable(75), -- NSRP VSD request heartbeat from 2nd HA path nsrp-vsd-req-hearbeat-2nd(76), -- NSRP VSD reply to 2nd path request nsrp-vsd-reply-2nd(77), -- NSRP duplicated RTO group found nsrp-rto-duplicated(78), -- DC fails to re-connect to MC dc-fail-reconnect-mc(79), -- MC fails to re-connect to Db mc-fail-reconnect-db(80), -- DC fails to initialize dc-fail-init(81), -- MC fails to initialize mc-fail-init(82), -- Unknown device trying to connect to a DC unknown-connect-attempt-dc(83), -- DC has been reinitialized/restarted (similar meaning as the cold -- start trap generated by the device) dc-reinit(84), -- MC has been restarted mc-reinit(85), -- DC fails to authenticate to a device dc-fail-auth(86), -- DC / MC are not running the same version dc-mc-version-unmatch(87), -- DC's traffic log files are full dc-log-full(88), -- NetScreen device connected to Global PRO device-connect-dc(89), -- NetScreen device dis-connected from Global PRO device-disconnect-dc(90), -- A USB key is plug/unplug from USB port usb-device-operation(93), -- No ppp IP pool configured ppp-no-ip-cfg(95), -- IP pool exhausted. No ip to assign ppp-no-ip-in-pool(96), -- Interface IPv6 address conflict ipv6-conflict(101), -- DIP utilization reaches raised threshold limit dip-util-raise(102), -- DIP utilization reaches clear threshold limit dip-util-clear(103), -- Errors in route module (exceed limit, malloc failure, add-perfix failure etc) route-alarm(205), -- LSA/Hello packets flood in OSPF, route redistribution exceed limit, ospf-flood(206), -- Update packet floods in RIP rip-flood(207), -- Peer forms adjacency completely bgp-established(208), -- Peer's adjacency is torn down, goes to Idle state bgp-backwardtransition(209), -- change in virtual link's state (down, point-to-point etc) ospf-virtifstatechange(210), -- change in neighbor's state on regular interface (down, 2way, full etc) ospf-nbrstatechange(211), -- change in neighbor's state on virtual link (down, full etc) ospf-virtnbrstatechange(212), -- authentication mismatch/area mismatch etc on regular interface ospf-ifconfigerror(213), -- authentication mismatch/area mismatch etc on virtual link ospf-virtifconfigerror(214), -- Authentication eror on regular interface ospf-ifauthfailure(215), -- Authentication eror on virtual link ospf-virtifauthfailure(216), -- lsa received with invalid lsa-type on regular interface ospf-ifrxbadpacket(217), -- lsa received with invalid lsa-type on virtual link ospf-virtifrxbadpacket(218), -- retransmission to neighbor on regular interface ospf-txretransmit(219), -- retransmission to neighbor on virtual link ospf-virtiftxretransmit(220), -- new LSA generated by local router ospf-originatelsa(221), -- LSA aged out ospf-maxagelsa(222), -- when total LSAs in database exceed predefined limit ospf-lsdboverflow(223), -- when total LSAs in database approach predefined limit ospf-lsdbapproachingoverflow(224), -- change in regular interface state (up/down, dr/bdr etc) ospf-ifstatechange(225), -- block java/active-x component ids-component(400), -- icmp flood attack ids-icmp-flood(401), -- udp flood attack ids-udp-flood(402), -- winnuke attack ids-winnuke(403), -- port scan attack ids-port-scan(404), -- address sweep attack ids-addr-sweep(405), -- tear drop attack ids-tear-drop(406), -- syn flood attack ids-syn(407), -- ip spoofing attack ids-ip-spoofing(408), -- ping of death attack ids-ping-death(409), -- filter ip packet with source route option ids-ip-source-route(410), -- land attack ids-land(411), -- screen syn fragment attack syn-frag-attack(412), -- screen tcp packet without flag attack tcp-without-flag(413), -- screen unknown ip packet unknow-ip-packet(414), -- screen bad ip option bad-ip-option(415), -- Dst IP-based session limiting dst-ip-session-limit(430), -- HTTP component blocking for .zip files ids-block-zip(431), -- HTTP component blocking for Java applets ids-block-jar(432), -- HTTP component blocking for .exe files ids-block-exe(433), -- HTTP component blocking for ActiveX controls ids-block-activex(434), -- screen icmp fragment packet icmp-fragment(435), -- screen too large icmp packet too-large-icmp(436), -- screen tcp flag syn-fin set tcp-syn-fin(437), -- screen tcp fin without ack tcp-fin-no-ack(438), -- avoid replying to syns after excessive 3 way TCP handshakes from -- same src ip but not proceeding with user auth. (not replying to -- username/password).. ids-tcp-syn-ack-ack(439), -- ip fragment ids-ip-block-frag(440), -- icmp ping id 0 ids-icmp-ping-id-zero(441), --Shared to fair transition forced cpu-limit-s2f-forced(800), --Shared to fair transition auto cpu-limit-s2f-auto(801), --Fair to shared transition forced cpu-limit-f2s-forced(802), --Fair to shared transition because of timeout cpu-limit-f2s-timeout(803), --Fair to shared transition auto cpu-limit-f2s-auto(804) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The integer value of the raised alarm type. Note that the type should be interpreted within a specific trap" ::= { netscreenTrapInfo 1 } netscreenTrapDesc OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The textual description of the alarm" ::= { netscreenTrapInfo 3 } END