NS-TRAPS.mib

-- These MIBs were created on 08/02/2000
--
-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.
--
-- MODULE-IDENTITY
--  OrgName
--    Juniper Networks, Inc.
--  ContactInfo
--     Customer Support
--     
--     1194 North Mathilda Avenue 
--     Sunnyvale, California 94089-1206
--     USA
--     
--     Tel: 1-800-638-8296
--     E-mail: customerservice@juniper.net
--     HTTP://www.juniper.net"
--  Added trap types 15, it is still in use
--  Last modified date: Mar 17, 2008
--  Added 5 new trap types - 800-804, 
--  Last modified date: 10/17/2005
--  Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103), 
--  ids-icmp-ping-id-zero(441).
--  Last modified date: 03/03/2005
--  Removed nsTrapType 15, 18 and 1000
--  Last modified date: 09/10/2004
--  Modified copyright and contact info
--  Last modified date: 05/03/2004
--  Add global-report manager specific trap
--  Last modified date: 09/28/2001
--  Add new traps (430~434)
--  Last modified date: 1/23/2004
--  Add traffic traps (1,2) and route traps (205~225)
--  Last modified date: 3/24/2004
-- 

NETSCREEN-TRAP-MIB DEFINITIONS ::= BEGIN
IMPORTS
    enterprises FROM RFC1155-SMI
    DisplayString FROM RFC1213-MIB
    netscreen, netscreenTrapInfo FROM NETSCREEN-SMI;
    
netscreenTrapType OBJECT-TYPE 
        SYNTAX  INTEGER {
                traffic-sec(1),  -- Traffic per-second threshold
                traffic-min(2),  -- Traffic per-minute threshold
                winnuke(4),             -- Winnuke pak
                syn-attack(5),  -- Syn attack
                tear-drop(6),           -- tear-drop attack
                ping-death(7),  -- Ping of Death attack
                ip-spoofing(8), -- IP spoofing attack
                ip-src-route(9),        -- IP source routing attack
                land(10),               -- land attack
                icmp-flood(11), -- ICMP flooding attack
                udp-flood(12),  -- UDP flooding attack  
        
                illegal-cms-svr(13),    -- Illegal server IP to connect to CMS port             
                url-block-srv(14),      -- URL blocking server connection alarm
                high-availability(15),  -- high availability
         
                port-scan(16),  -- Port Scan attack
                addr-sweep(17), -- address sweep attack
                                  
                low-memory(20), -- memory low
                                  
                dns-srv-down(21),       -- DNS server unreachable
                generic-HW-fail(22),    -- Fan, Power Supply failure
                lb-srv-down(23),        -- Load balance server unreachable
                log-full(24),           -- log buffer overflow
                x509(25),               -- X509 related 
                vpn-ike(26),            -- VPN and IKE related
                admin(27),              -- admin realted
                sme(28),                -- Illegal src ip to connect to sme port
                dhcp(29),               -- DHCP related 
                cpu-usage-high(30),     -- CPU usage is high
                ip-conflict(31),                        -- Interface IP conflict 
                attact-malicious-url(32),       -- Microsoft IIS server vulnerability 
                session-threshold(33),          -- session threshold is exceeded 
                ssh-alarm(34),                          -- SSH related alarms 
                av-scan-mgr(554),                       -- AV Scan Manager Alarm
                vpn-tunnel-up(40),      -- VPN tunnel from down to up   
                vpn-tunnel-down(41),    -- VPN tunnel from up to down   
                vpn-replay-attack(42),          -- VPN replay detected
        vpn-l2tp-tunnel-remove(43),     -- VPN tunnel removed
        vpn-l2tp-tunnel-remove-err(44), -- VPN tunnel removed and error detected 
        vpn-l2tp-call-remove(45),       -- VPN call removed
        vpn-l2tp-call-remove-err(46),   -- VPN call removed and error detected
                vpn-ias-too-many(47),   -- Number of IAS exceeds configured maximum
                vpn-ias-over-threshold(48),     -- Number of IAS crossed configured upper threshold
                vpn-ias-under-threshold(49),    -- Number of IAS crossed configured lower threshold
                vpn-ias-ike-error(50),  -- IKE error occured for the IAS session
                allocated-session-threshold(51),        -- allocated session exceed threshold
                nsrp-rto-up(60),      -- NSRP rto self unit status change from up to down     
                nsrp-rto-down(61),      -- NSRP rto self unit status change from down to up     
                nsrp-trackip-success(62),     -- NSRP track ip successed      
                nsrp-trackip-failed(63),      -- NSRP track ip failed 
                nsrp-trackip-failover(64),    -- NSRP track ip fail over
                nsrp-inconsistent-configuration(65),    -- NSRP inconsistent configuration between master and backup
                nsrp-vsd-init(70),    -- NSRP vsd  group status change to elect
                nsrp-vsd-master(71),  -- NSRP vsd  group status change to master
                nsrp-vsd-pbackup(72), -- NSRP vsd  group status change to primary backup
                nsrp-vsd-backup(73),  -- NSRP vsd  group status change to backup
                nsrp-vsd-ineligible(74),       -- NSRP vsd  group status change to ineligible
                nsrp-vsd-inoperable(75),        -- NSRP VSD group status change to inoperable
                nsrp-vsd-req-hearbeat-2nd(76),  -- NSRP VSD request heartbeat from 2nd HA path 
                nsrp-vsd-reply-2nd(77),         -- NSRP VSD reply to 2nd path request 
                nsrp-rto-duplicated(78),        -- NSRP duplicated RTO group found 
        
                dc-fail-reconnect-mc(79), -- DC fails to re-connect to MC 
                mc-fail-reconnect-db(80), -- MC fails to re-connect to Db 
                dc-fail-init(81), -- DC fails to initialize 
                mc-fail-init(82), -- MC fails to initialize 
                unknown-connect-attempt-dc(83), -- Unknown device trying to connect to a DC 
                dc-reinit(84), -- DC has been reinitialized/restarted (similar meaning as the cold start trap generated by the device)
                mc-reinit(85), -- MC has been restarted
                dc-fail-auth(86), -- DC fails to authenticate to a device
                dc-mc-version-unmatch(87), -- DC / MC are not running the same version
                dc-log-full(88), -- DC's traffic log files are full
                device-connect-dc(89),   -- NetScreen device connected to Global PRO 
                device-disconnect-dc(90),   -- NetScreen device dis-connected from Global PRO 
                usb-device-operation(93),   -- A USB key is plug/unplug from USB port 
                ppp-no-ip-cfg(95),   -- No ppp IP pool configured 
                ppp-no-ip-in-pool(96),   -- IP pool exhausted. No ip to assign
                ipv6-conflict(101),                     -- Interface IPv6 address conflict 
                dip-util-raise(102),            -- DIP utilization reaches raised threshold limit
                dip-util-clear(103),            -- DIP utilization reaches clear threshold limit
                route-alarm(205),                               -- Errors in route module (exceed limit, malloc failure, add-perfix failure etc) 
                osfp-flood(206),                                        -- LSA/Hello packets flood in OSPF, route redistribution exceed limit, 
                rip-flood(207),                                 -- Update packet floods in RIP 
                bgp-established(208),                   -- Peer forms adjacency completely
                bgp-backwardtransition(209),            -- Peer's adjacency is torn down, goes to Idle state
                ospf-virtifstatechange(210),            -- change in virtual link's state (down, point-to-point etc)
                ospf-nbrstatechange(211),               -- change in neighbor's state on regular interface (down, 2way, full etc)
                ospf-virtnbrstatechange(212),   -- change in neighbor's state on virtual link (down, full etc)
                ospf-ifconfigerror(213),                        -- authentication mismatch/area mismatch etc on regular interface
                ospf-virtifconfigerror(214),            -- authentication mismatch/area mismatch etc on virtual link
                ospf-ifauthfailure(215),                        -- Authentication eror on regular interface
                ospf-virtifauthfailure(216),            -- Authentication eror on virtual link
                ospf-ifrxbadpacket(217),                        -- lsa received with invalid lsa-type on regular interface
                ospf-virtifrxbadpacket(218),            -- lsa received with invalid lsa-type on virtual link
                ospf-txretransmit(219),                 -- retransmission to neighbor on regular interface
                ospf-virtiftxretransmit(220),   -- retransmission to neighbor on virtual link
                ospf-originatelsa(221),                 -- new LSA generated by local router
                ospf-maxagelsa(222),                            -- LSA aged out
                ospf-lsdboverflow(223),                 -- when total LSAs in database exceed predefined limit
                ospf-lsdbapproachingoverflow(224), -- when total LSAs in database approach predefined limit
                ospf-ifstatechange(225),                        -- change in regular interface state (up/down, dr/bdr etc)

                ids-component(400),                     -- block java/active-x component
                ids-icmp-flood(401),            -- icmp flood attack
                ids-udp-flood(402),                     -- udp flood attack
                ids-winnuke(403),                       -- winnuke attack
                ids-port-scan(404),                     -- port scan attack
                ids-addr-sweep(405),            -- address sweep attack
                ids-tear-drop(406),                     -- tear drop attack
                ids-syn(407),                           -- syn flood attack
                ids-ip-spoofing(408),           -- ip spoofing attack 
                ids-ping-death(409),            -- ping of death attack
                ids-ip-source-route(410),       -- filter ip packet with source route option
                ids-land(411),                          -- land attack
                syn-frag-attack(412), -- screen syn fragment attack
                tcp-without-flag(413),  -- screen tcp packet without flag attack
                unknow-ip-packet(414), -- screen unknown ip packet  
                bad-ip-option(415), -- screen   bad ip option
                dst-ip-session-limit(430),      -- Dst IP-based session limiting
                ids-block-zip(431),                     -- HTTP component blocking for .zip files
                ids-block-jar(432),                     -- HTTP component blocking for Java applets
                ids-block-exe(433),                     -- HTTP component blocking for .exe files
                ids-block-activex(434),         -- HTTP component blocking for ActiveX controls
                icmp-fragment(435), -- screen icmp fragment packet
                too-large-icmp(436),-- screen too large icmp packet 
                tcp-syn-fin(437),   -- screen tcp flag syn-fin set
                tcp-fin-no-ack(438),    -- screen tcp fin without ack
                ids-tcp-syn-ack-ack(439),       -- avoid replying to syns after excessive 3 way TCP handshakes from same 
                                                                        -- src ip but not proceeding with user auth. (not replying to username/password)..
                ids-ip-block-frag(440),         -- ip fragment
                cpu-limit-s2f-forced(800),   --Shared to fair transition forced
                cpu-limit-s2f-auto(801),     --Shared to fair transition auto
                cpu-limit-f2s-forced(802),   --Fair to shared transition forced
                cpu-limit-f2s-timeout(803),  --Fair to shared transition because of timeout
                cpu-limit-f2s-auto(804)      --Fair to shared transition auto
        }
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
                "The integer value of the raised alarm type.
                Note that the type should be interpreted within a specific trap"
        ::= { netscreenTrapInfo 1 }

netscreenTrapDesc OBJECT-TYPE 
        SYNTAX  DisplayString (SIZE (0..255))
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
                "The textual description of the alarm"
        ::= { netscreenTrapInfo 3 }

netscreenTrapHw TRAP-TYPE
        ENTERPRISE netscreen
        VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
        DESCRIPTION
                "This trap indicates that some kind of hardware problem has occured."
        ::= 100

netscreenTrapFw TRAP-TYPE
        ENTERPRISE netscreen
        VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
        DESCRIPTION
                "This trap indicates that some kind of firewall functions has been triggered."
             ::= 200

netscreenTrapSw TRAP-TYPE
             ENTERPRISE netscreen
             VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
             DESCRIPTION
                "This trap indicates that some kind of software problem has occured."
             ::= 300

netscreenTrapTrf TRAP-TYPE
             ENTERPRISE netscreen
             VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
             DESCRIPTION
                "This trap indicates that some kind of traffic conditions has been triggered."
             ::= 400

netscreenTrapVpn TRAP-TYPE
             ENTERPRISE netscreen
             VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
             DESCRIPTION
                "This trap indicates that VPN tunnel status has occured."
             ::= 500

netscreenTrapNsrp TRAP-TYPE
             ENTERPRISE netscreen
             VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
             DESCRIPTION
                "This trap indicates that NSRP status has occured."
             ::= 600
             
netscreenTrapGPRO TRAP-TYPE
             ENTERPRISE netscreen
             VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
             DESCRIPTION
                "This trap indicates that some kind of Global PRO problems has occurred."
             ::= 700

netscreenTrapDrp TRAP-TYPE
             ENTERPRISE netscreen
             VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
             DESCRIPTION
                "This trap indicates that Drp status has occured."
             ::= 800

netscreenTrapIFFailover TRAP-TYPE
             ENTERPRISE netscreen
             VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
             DESCRIPTION
                "This trap indicates that interface fail over status has occured."
             ::= 900

netscreenTrapIDPAttack TRAP-TYPE
             ENTERPRISE netscreen
             VARIABLES  { netscreenTrapType, netscreenTrapDesc  }
             DESCRIPTION
                "This trap indicates that IDP attack status has occured."
             ::= 1000
END
OID .1.3.6.1.4.1.3224.2.1OID .1.3.6.1.4.1.3224.2.3TRAP .1.3.6.1.4.1.3224.100TRAP .1.3.6.1.4.1.3224.0.100TRAP .1.3.6.1.4.1.3224.0.0.100TRAP .1.3.6.1.4.1.3224.200TRAP .1.3.6.1.4.1.3224.0.200TRAP .1.3.6.1.4.1.3224.0.0.200TRAP .1.3.6.1.4.1.3224.300TRAP .1.3.6.1.4.1.3224.0.300TRAP .1.3.6.1.4.1.3224.0.0.300TRAP .1.3.6.1.4.1.3224.400TRAP .1.3.6.1.4.1.3224.0.400TRAP .1.3.6.1.4.1.3224.0.0.400TRAP .1.3.6.1.4.1.3224.500TRAP .1.3.6.1.4.1.3224.0.500TRAP .1.3.6.1.4.1.3224.0.0.500TRAP .1.3.6.1.4.1.3224.600TRAP .1.3.6.1.4.1.3224.0.600TRAP .1.3.6.1.4.1.3224.0.0.600TRAP .1.3.6.1.4.1.3224.700TRAP .1.3.6.1.4.1.3224.0.700TRAP .1.3.6.1.4.1.3224.0.0.700TRAP .1.3.6.1.4.1.3224.800TRAP .1.3.6.1.4.1.3224.0.800TRAP .1.3.6.1.4.1.3224.0.0.800TRAP .1.3.6.1.4.1.3224.900TRAP .1.3.6.1.4.1.3224.0.900TRAP .1.3.6.1.4.1.3224.0.0.900TRAP .1.3.6.1.4.1.3224.1000TRAP .1.3.6.1.4.1.3224.0.1000TRAP .1.3.6.1.4.1.3224.0.0.1000