-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.NETSCREEN-TRAP-MIB DEFINITIONS::=BEGINIMPORTSnetscreenTrap, netscreenTrapInfo
FROM NETSCREEN-SMI
MODULE-IDENTITY,NOTIFICATION-TYPE,OBJECT-TYPEFROM SNMPv2-SMI
DisplayStringFROM SNMPv2-TC
;netscreenTrapMibModule MODULE-IDENTITYLAST-UPDATED"200503032022Z"-- March 03, 2005ORGANIZATION"Juniper Networks, Inc."CONTACT-INFO"Customer Support
1194 North Mathilda Avenue
Sunnyvale, California 94089-1206
USA
Tel: 1-800-638-8296
E-mail: customerservice@juniper.net
HTTP://www.juniper.net"DESCRIPTION"Added trap types 15, it is still in use"REVISION"200803170000Z"-- Mar 17, 2008DESCRIPTION"Added 5 new trap types - 800-804. Removed 1000."REVISION"200510170000Z"-- Oct 17, 2005DESCRIPTION"Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103),
ids-icmp-ping-id-zero(441)."REVISION"200503030000Z"-- March 03, 2005DESCRIPTION"Trap MIB"REVISION"200409100000Z"-- Sep 10, 2004DESCRIPTION"Removed nsTrapType 3, 15,18,19 and 1000"REVISION"200405030000Z"-- May 03, 2004
DESCRIPTION"Modified copyright and contact information"REVISION"200403030000Z"-- March 03, 2004DESCRIPTION"Converted to SMIv2 by Longview Software"REVISION"200401230000Z"-- January 23, 2004DESCRIPTION"Add new traps (430~434)"REVISION"200109280000Z"-- September 28, 2001DESCRIPTION"Add global-report manager specific trap"REVISION"200008020000Z"-- August 02, 2000DESCRIPTION"Creation Date"::={ netscreenTrapInfo 0}netscreenTrapHw NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that some kind of hardware problem has
occured."::={ netscreenTrap 100}netscreenTrapFw NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that some kind of firewall functions has
been triggered."
::={ netscreenTrap 200}netscreenTrapSw NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that some kind of software problem has
occured."::={ netscreenTrap 300}netscreenTrapTrf NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that some kind of traffic conditions has
been triggered."::={ netscreenTrap 400}netscreenTrapVpn NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that VPN tunnel status has occured."::={ netscreenTrap 500}netscreenTrapNsrp NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that NSRP status has occured."
::={ netscreenTrap 600}netscreenTrapGPRO NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that some kind of Global PRO problems has
occurred."::={ netscreenTrap 700}netscreenTrapDrp NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that Drp status has occured."::={ netscreenTrap 800}netscreenTrapIFFailover NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION"This trap indicates that interface fail over status has
occured."::={ netscreenTrap 900}netscreenTrapIDPAttack NOTIFICATION-TYPEOBJECTS{ netscreenTrapType, netscreenTrapDesc }STATUScurrentDESCRIPTION
"This trap indicates that IDP attack status has occured."::={ netscreenTrap 1000}netscreenTrapType OBJECT-TYPESYNTAXINTEGER{-- Traffic per-second thresholdtraffic-sec(1),-- Traffic per-minute thresholdtraffic-min(2),-- Winnuke pakwinnuke(4),-- Syn attacksyn-attack(5),-- tear-drop attacktear-drop(6),-- Ping of Death attackping-death(7),-- IP spoofing attackip-spoofing(8),-- IP source routing attackip-src-route(9),-- land attackland(10),-- ICMP flooding attackicmp-flood(11),-- UDP flooding attackudp-flood(12),-- Illegal server IP to connect to CMS port
illegal-cms-svr(13),-- URL blocking server connection alarmurl-block-srv(14),-- high availabilityhigh-availability(15),-- Port Scan attackport-scan(16),-- address sweep attackaddr-sweep(17),-- memory lowlow-memory(20),-- DNS server unreachabledns-srv-down(21),-- Fan, Power Supply failuregeneric-HW-fail(22),-- Load balance server unreachablelb-srv-down(23),-- log buffer overflowlog-full(24),-- X509 relatedx509(25),-- VPN and IKE relatedvpn-ike(26),-- admin realtedadmin(27),-- Illegal src ip to connect to sme portsme(28),
-- DHCP relateddhcp(29),-- CPU usage is highcpu-usage-high(30),-- Interface IP conflictip-conflict(31),-- Microsoft IIS server vulnerabilityattact-malicious-url(32),-- session threshold is exceededsession-threshold(33),-- SSH related alarmsssh-alarm(34),-- VPN tunnel from down to upvpn-tunnel-up(40),-- VPN tunnel from up to downvpn-tunnel-down(41),-- VPN replay detectedvpn-replay-attack(42),-- VPN tunnel removedvpn-l2tp-tunnel-remove(43),-- VPN tunnel removed and error detectedvpn-l2tp-tunnel-remove-err(44),-- VPN call removedvpn-l2tp-call-remove(45),-- VPN call removed and error detected
vpn-l2tp-call-remove-err(46),-- Number of IAS exceeds configured maximumvpn-ias-too-many(47),-- Number of IAS crossed configured upper thresholdvpn-ias-over-threshold(48),-- Number of IAS crossed configured lower thresholdvpn-ias-under-threshold(49),-- IKE error occured for the IAS sessionvpn-ias-ike-error(50),-- allocated session exceed thresholdallocated-session-threshold(51),-- AV Scan Manager Alarm, sofeware trapav-scan-mgr(554),-- NSRP rto self unit status change from up to downnsrp-rto-up(60),-- NSRP rto self unit status change from down to upnsrp-rto-down(61),-- NSRP track ip successednsrp-trackip-success(62),-- NSRP track ip failednsrp-trackip-failed(63),-- NSRP track ip fail overnsrp-trackip-failover(64),
-- NSRP inconsistent configuration between master and backupnsrp-inconsistent-configuration(65),-- NSRP vsd group status change to electnsrp-vsd-init(70),-- NSRP vsd group status change to masternsrp-vsd-master(71),-- NSRP vsd group status change to primary backupnsrp-vsd-pbackup(72),-- NSRP vsd group status change to backupnsrp-vsd-backup(73),-- NSRP vsd group status change to ineligiblensrp-vsd-ineligible(74),-- NSRP VSD group status change to inoperablensrp-vsd-inoperable(75),-- NSRP VSD request heartbeat from 2nd HA pathnsrp-vsd-req-hearbeat-2nd(76),-- NSRP VSD reply to 2nd path requestnsrp-vsd-reply-2nd(77),-- NSRP duplicated RTO group foundnsrp-rto-duplicated(78),-- DC fails to re-connect to MCdc-fail-reconnect-mc(79),
-- MC fails to re-connect to Dbmc-fail-reconnect-db(80),-- DC fails to initializedc-fail-init(81),-- MC fails to initializemc-fail-init(82),-- Unknown device trying to connect to a DCunknown-connect-attempt-dc(83),-- DC has been reinitialized/restarted (similar meaning as the cold-- start trap generated by the device)dc-reinit(84),-- MC has been restartedmc-reinit(85),-- DC fails to authenticate to a devicedc-fail-auth(86),-- DC / MC are not running the same versiondc-mc-version-unmatch(87),-- DC's traffic log files are fulldc-log-full(88),-- NetScreen device connected to Global PROdevice-connect-dc(89),-- NetScreen device dis-connected from Global PROdevice-disconnect-dc(90),-- A USB key is plug/unplug from USB port
usb-device-operation(93),-- No ppp IP pool configuredppp-no-ip-cfg(95),-- IP pool exhausted. No ip to assignppp-no-ip-in-pool(96),-- Interface IPv6 address conflictipv6-conflict(101),-- DIP utilization reaches raised threshold limitdip-util-raise(102),-- DIP utilization reaches clear threshold limitdip-util-clear(103),-- Errors in route module (exceed limit, malloc failure, add-perfix failure etc)route-alarm(205),-- LSA/Hello packets flood in OSPF, route redistribution exceed limit,ospf-flood(206),-- Update packet floods in RIPrip-flood(207),-- Peer forms adjacency completelybgp-established(208),-- Peer's adjacency is torn down, goes to Idle statebgp-backwardtransition(209),-- change in virtual link's state (down, point-to-point etc)
ospf-virtifstatechange(210),-- change in neighbor's state on regular interface (down, 2way, full etc)ospf-nbrstatechange(211),-- change in neighbor's state on virtual link (down, full etc)ospf-virtnbrstatechange(212),-- authentication mismatch/area mismatch etc on regular interfaceospf-ifconfigerror(213),-- authentication mismatch/area mismatch etc on virtual linkospf-virtifconfigerror(214),-- Authentication eror on regular interfaceospf-ifauthfailure(215),-- Authentication eror on virtual linkospf-virtifauthfailure(216),-- lsa received with invalid lsa-type on regular interfaceospf-ifrxbadpacket(217),-- lsa received with invalid lsa-type on virtual linkospf-virtifrxbadpacket(218),-- retransmission to neighbor on regular interfaceospf-txretransmit(219),-- retransmission to neighbor on virtual linkospf-virtiftxretransmit(220),-- new LSA generated by local router
ospf-originatelsa(221),-- LSA aged outospf-maxagelsa(222),-- when total LSAs in database exceed predefined limitospf-lsdboverflow(223),-- when total LSAs in database approach predefined limitospf-lsdbapproachingoverflow(224),-- change in regular interface state (up/down, dr/bdr etc)ospf-ifstatechange(225),-- block java/active-x componentids-component(400),-- icmp flood attackids-icmp-flood(401),-- udp flood attackids-udp-flood(402),-- winnuke attackids-winnuke(403),-- port scan attackids-port-scan(404),-- address sweep attackids-addr-sweep(405),-- tear drop attackids-tear-drop(406),-- syn flood attackids-syn(407),
-- ip spoofing attackids-ip-spoofing(408),-- ping of death attackids-ping-death(409),-- filter ip packet with source route optionids-ip-source-route(410),-- land attackids-land(411),-- screen syn fragment attacksyn-frag-attack(412),-- screen tcp packet without flag attacktcp-without-flag(413),-- screen unknown ip packetunknow-ip-packet(414),-- screen bad ip optionbad-ip-option(415),-- Dst IP-based session limitingdst-ip-session-limit(430),-- HTTP component blocking for .zip filesids-block-zip(431),-- HTTP component blocking for Java appletsids-block-jar(432),-- HTTP component blocking for .exe filesids-block-exe(433),
-- HTTP component blocking for ActiveX controlsids-block-activex(434),-- screen icmp fragment packeticmp-fragment(435),-- screen too large icmp packettoo-large-icmp(436),-- screen tcp flag syn-fin settcp-syn-fin(437),-- screen tcp fin without acktcp-fin-no-ack(438),-- avoid replying to syns after excessive 3 way TCP handshakes from-- same src ip but not proceeding with user auth. (not replying to-- username/password)..ids-tcp-syn-ack-ack(439),-- ip fragmentids-ip-block-frag(440),-- icmp ping id 0ids-icmp-ping-id-zero(441),--Shared to fair transition forcedcpu-limit-s2f-forced(800),--Shared to fair transition autocpu-limit-s2f-auto(801),--Fair to shared transition forcedcpu-limit-f2s-forced(802),--Fair to shared transition because of timeoutcpu-limit-f2s-timeout(803),--Fair to shared transition autocpu-limit-f2s-auto(804)}MAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION"The integer value of the raised alarm type. Note that the type
should be interpreted within a specific trap"::={ netscreenTrapInfo 1}netscreenTrapDesc OBJECT-TYPESYNTAXDisplayString(SIZE(0..255))MAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION"The textual description of the alarm"::={ netscreenTrapInfo 3}END