-- These MIBs were created on 08/02/2000
--
-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.
--
-- MODULE-IDENTITY
-- OrgName
-- Juniper Networks, Inc.
-- ContactInfo
-- Customer Support
--
-- 1194 North Mathilda Avenue
-- Sunnyvale, California 94089-1206
-- USA
--
-- Tel: 1-800-638-8296
-- E-mail: customerservice@juniper.net
-- HTTP://www.juniper.net"
-- Added trap types 15, it is still in use
-- Last modified date: Mar 17, 2008
-- Added 5 new trap types - 800-804,
-- Last modified date: 10/17/2005
-- Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103),
-- ids-icmp-ping-id-zero(441).
-- Last modified date: 03/03/2005
-- Removed nsTrapType 15, 18 and 1000
-- Last modified date: 09/10/2004
-- Modified copyright and contact info
-- Last modified date: 05/03/2004
-- Add global-report manager specific trap
-- Last modified date: 09/28/2001
-- Add new traps (430~434)
-- Last modified date: 1/23/2004
-- Add traffic traps (1,2) and route traps (205~225)
-- Last modified date: 3/24/2004
--NETSCREEN-TRAP-MIB DEFINITIONS::=BEGIN
IMPORTSenterprises FROM RFC1155-SMI
DisplayStringFROM RFC1213-MIB
netscreen, netscreenTrapInfo FROM NETSCREEN-SMI;netscreenTrapType OBJECT-TYPESYNTAXINTEGER{traffic-sec(1),-- Traffic per-second thresholdtraffic-min(2),-- Traffic per-minute thresholdwinnuke(4),-- Winnuke paksyn-attack(5),-- Syn attack
tear-drop(6),-- tear-drop attackping-death(7),-- Ping of Death attackip-spoofing(8),-- IP spoofing attackip-src-route(9),-- IP source routing attackland(10),-- land attackicmp-flood(11),-- ICMP flooding attackudp-flood(12),-- UDP flooding attackillegal-cms-svr(13),-- Illegal server IP to connect to CMS porturl-block-srv(14),-- URL blocking server connection alarmhigh-availability(15),-- high availabilityport-scan(16),-- Port Scan attackaddr-sweep(17),-- address sweep attack
low-memory(20),-- memory lowdns-srv-down(21),-- DNS server unreachablegeneric-HW-fail(22),-- Fan, Power Supply failurelb-srv-down(23),-- Load balance server unreachablelog-full(24),-- log buffer overflowx509(25),-- X509 relatedvpn-ike(26),-- VPN and IKE relatedadmin(27),-- admin realtedsme(28),-- Illegal src ip to connect to sme portdhcp(29),-- DHCP relatedcpu-usage-high(30),-- CPU usage is highip-conflict(31),-- Interface IP conflict
attact-malicious-url(32),-- Microsoft IIS server vulnerabilitysession-threshold(33),-- session threshold is exceededssh-alarm(34),-- SSH related alarmsav-scan-mgr(554),-- AV Scan Manager Alarmvpn-tunnel-up(40),-- VPN tunnel from down to upvpn-tunnel-down(41),-- VPN tunnel from up to downvpn-replay-attack(42),-- VPN replay detectedvpn-l2tp-tunnel-remove(43),-- VPN tunnel removedvpn-l2tp-tunnel-remove-err(44),-- VPN tunnel removed and error detectedvpn-l2tp-call-remove(45),-- VPN call removedvpn-l2tp-call-remove-err(46),-- VPN call removed and error detectedvpn-ias-too-many(47),-- Number of IAS exceeds configured maximum
vpn-ias-over-threshold(48),-- Number of IAS crossed configured upper thresholdvpn-ias-under-threshold(49),-- Number of IAS crossed configured lower thresholdvpn-ias-ike-error(50),-- IKE error occured for the IAS sessionallocated-session-threshold(51),-- allocated session exceed thresholdnsrp-rto-up(60),-- NSRP rto self unit status change from up to downnsrp-rto-down(61),-- NSRP rto self unit status change from down to upnsrp-trackip-success(62),-- NSRP track ip successednsrp-trackip-failed(63),-- NSRP track ip failednsrp-trackip-failover(64),-- NSRP track ip fail overnsrp-inconsistent-configuration(65),-- NSRP inconsistent configuration between master and backupnsrp-vsd-init(70),-- NSRP vsd group status change to elect
nsrp-vsd-master(71),-- NSRP vsd group status change to masternsrp-vsd-pbackup(72),-- NSRP vsd group status change to primary backupnsrp-vsd-backup(73),-- NSRP vsd group status change to backupnsrp-vsd-ineligible(74),-- NSRP vsd group status change to ineligiblensrp-vsd-inoperable(75),-- NSRP VSD group status change to inoperablensrp-vsd-req-hearbeat-2nd(76),-- NSRP VSD request heartbeat from 2nd HA pathnsrp-vsd-reply-2nd(77),-- NSRP VSD reply to 2nd path requestnsrp-rto-duplicated(78),-- NSRP duplicated RTO group founddc-fail-reconnect-mc(79),-- DC fails to re-connect to MCmc-fail-reconnect-db(80),-- MC fails to re-connect to Dbdc-fail-init(81),-- DC fails to initialize
mc-fail-init(82),-- MC fails to initializeunknown-connect-attempt-dc(83),-- Unknown device trying to connect to a DCdc-reinit(84),-- DC has been reinitialized/restarted (similar meaning as the cold start trap generated by the device)mc-reinit(85),-- MC has been restarteddc-fail-auth(86),-- DC fails to authenticate to a devicedc-mc-version-unmatch(87),-- DC / MC are not running the same versiondc-log-full(88),-- DC's traffic log files are fulldevice-connect-dc(89),-- NetScreen device connected to Global PROdevice-disconnect-dc(90),-- NetScreen device dis-connected from Global PROusb-device-operation(93),-- A USB key is plug/unplug from USB portppp-no-ip-cfg(95),-- No ppp IP pool configured
ppp-no-ip-in-pool(96),-- IP pool exhausted. No ip to assignipv6-conflict(101),-- Interface IPv6 address conflictdip-util-raise(102),-- DIP utilization reaches raised threshold limitdip-util-clear(103),-- DIP utilization reaches clear threshold limitroute-alarm(205),-- Errors in route module (exceed limit, malloc failure, add-perfix failure etc)osfp-flood(206),-- LSA/Hello packets flood in OSPF, route redistribution exceed limit,rip-flood(207),-- Update packet floods in RIPbgp-established(208),-- Peer forms adjacency completelybgp-backwardtransition(209),-- Peer's adjacency is torn down, goes to Idle stateospf-virtifstatechange(210),-- change in virtual link's state (down, point-to-point etc)
ospf-nbrstatechange(211),-- change in neighbor's state on regular interface (down, 2way, full etc)ospf-virtnbrstatechange(212),-- change in neighbor's state on virtual link (down, full etc)ospf-ifconfigerror(213),-- authentication mismatch/area mismatch etc on regular interfaceospf-virtifconfigerror(214),-- authentication mismatch/area mismatch etc on virtual linkospf-ifauthfailure(215),-- Authentication eror on regular interfaceospf-virtifauthfailure(216),-- Authentication eror on virtual linkospf-ifrxbadpacket(217),-- lsa received with invalid lsa-type on regular interfaceospf-virtifrxbadpacket(218),-- lsa received with invalid lsa-type on virtual linkospf-txretransmit(219),-- retransmission to neighbor on regular interfaceospf-virtiftxretransmit(220),-- retransmission to neighbor on virtual link
ospf-originatelsa(221),-- new LSA generated by local routerospf-maxagelsa(222),-- LSA aged outospf-lsdboverflow(223),-- when total LSAs in database exceed predefined limitospf-lsdbapproachingoverflow(224),-- when total LSAs in database approach predefined limitospf-ifstatechange(225),-- change in regular interface state (up/down, dr/bdr etc)ids-component(400),-- block java/active-x componentids-icmp-flood(401),-- icmp flood attackids-udp-flood(402),-- udp flood attackids-winnuke(403),-- winnuke attackids-port-scan(404),-- port scan attackids-addr-sweep(405),-- address sweep attack
ids-tear-drop(406),-- tear drop attackids-syn(407),-- syn flood attackids-ip-spoofing(408),-- ip spoofing attackids-ping-death(409),-- ping of death attackids-ip-source-route(410),-- filter ip packet with source route optionids-land(411),-- land attacksyn-frag-attack(412),-- screen syn fragment attacktcp-without-flag(413),-- screen tcp packet without flag attackunknow-ip-packet(414),-- screen unknown ip packetbad-ip-option(415),-- screen bad ip optiondst-ip-session-limit(430),-- Dst IP-based session limiting
ids-block-zip(431),-- HTTP component blocking for .zip filesids-block-jar(432),-- HTTP component blocking for Java appletsids-block-exe(433),-- HTTP component blocking for .exe filesids-block-activex(434),-- HTTP component blocking for ActiveX controlsicmp-fragment(435),-- screen icmp fragment packettoo-large-icmp(436),-- screen too large icmp packettcp-syn-fin(437),-- screen tcp flag syn-fin settcp-fin-no-ack(438),-- screen tcp fin without ackids-tcp-syn-ack-ack(439),-- avoid replying to syns after excessive 3 way TCP handshakes from same-- src ip but not proceeding with user auth. (not replying to username/password)..ids-ip-block-frag(440),-- ip fragmentcpu-limit-s2f-forced(800),--Shared to fair transition forced
cpu-limit-s2f-auto(801),--Shared to fair transition autocpu-limit-f2s-forced(802),--Fair to shared transition forcedcpu-limit-f2s-timeout(803),--Fair to shared transition because of timeoutcpu-limit-f2s-auto(804)--Fair to shared transition auto}ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"The integer value of the raised alarm type.
Note that the type should be interpreted within a specific trap"::={ netscreenTrapInfo 1}netscreenTrapDesc OBJECT-TYPESYNTAXDisplayString(SIZE(0..255))ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"The textual description of the alarm"::={ netscreenTrapInfo 3}
netscreenTrapHw TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that some kind of hardware problem has occured."::=100netscreenTrapFw TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that some kind of firewall functions has been triggered."::=200netscreenTrapSw TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that some kind of software problem has occured."::=300netscreenTrapTrf TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that some kind of traffic conditions has been triggered."::=400netscreenTrapVpn TRAP-TYPE
ENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that VPN tunnel status has occured."::=500netscreenTrapNsrp TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that NSRP status has occured."::=600netscreenTrapGPRO TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that some kind of Global PRO problems has occurred."::=700netscreenTrapDrp TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that Drp status has occured."::=800netscreenTrapIFFailover TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }
DESCRIPTION"This trap indicates that interface fail over status has occured."::=900netscreenTrapIDPAttack TRAP-TYPEENTERPRISE netscreen
VARIABLES{ netscreenTrapType, netscreenTrapDesc }DESCRIPTION"This trap indicates that IDP attack status has occured."::=1000END