CISCOSB-SECURITY-SUITE

File: CISCOSB-SECURITY-SUITE.mib (20255 bytes)

Imported modules

SNMPv2-SMI IF-MIB SNMPv2-TC
CISCOSB-MIB Q-BRIDGE-MIB

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Counter32
Gauge32 Unsigned32 IpAddress
TimeTicks InterfaceIndexOrZero InterfaceIndex
ifIndex TEXTUAL-CONVENTION TruthValue
RowStatus RowPointer DisplayString
Percents switch001 PortList

Defined Types

RlsecuritySuiteGlobalEnableType  
TEXTUAL-CONVENTION    
  current INTEGER enable-global-rules-only(1), enable-all-rules-types(2), disable(3)

RlSecuritySuiteKnownDosAttackType  
TEXTUAL-CONVENTION    
  current INTEGER stacheldraht(1), invasor-Trojan(2), back-orifice-Trojan(3)

RlSecuritySuiteKnownDosAttackProtocolType  
TEXTUAL-CONVENTION    
  current INTEGER tcp(1), upd(2)

RlSecuritySuiteAllMartianEntryType  
TEXTUAL-CONVENTION    
  current INTEGER reserved(1), static(2)

RlSecuritySuiteDenyAttackType  
TEXTUAL-CONVENTION    
  current INTEGER syn(1), icmp-echo-request(2), fragmented(3)

RlSecuritySuiteDenySynFinTcp  
TEXTUAL-CONVENTION    
  current INTEGER deny(1), permit(2)

RlSecuritySuiteSynProtectionMode  
TEXTUAL-CONVENTION    
  current INTEGER disabled(1), report(2), block(3)

RlSecuritySuiteSynProtectionPortMode  
TEXTUAL-CONVENTION    
  current INTEGER normal(1), attacked(2), blocked(3)

RlSecuritySuiteKnownDoSAttacksEntry  
SEQUENCE    
  rlSecuritySuiteKnownDoSAttack RlSecuritySuiteKnownDosAttackType
  rlSecuritySuiteKnownDoSAttackEnable TruthValue

RlSecuritySuiteKnownDoSAttacksDetailsEntry  
SEQUENCE    
  rlSecuritySuiteKnownDoSAttackProtocl RlSecuritySuiteKnownDosAttackProtocolType
  rlSecuritySuiteKnownDoSAttackSrcTcpUdpPort INTEGER
  rlSecuritySuiteKnownDoSAttackDestTcpUdpPort INTEGER

RlSecuritySuiteMartianAddrAllEntry  
SEQUENCE    
  rlSecuritySuiteMartianAddr IpAddress
  rlSecuritySuiteMartianAddrNetMask IpAddress
  rlSecuritySuiteAllMartianEntryType RlSecuritySuiteAllMartianEntryType

RlDoSAttackMartianAddrEntry  
SEQUENCE    
  rlSecuritySuiteMartianAddrStatus RowStatus

RlSecuritySuiteDoSSynAttackEntry  
SEQUENCE    
  rlSecuritySuiteDoSSynAttackIfIndex InterfaceIndex
  rlSecuritySuiteDoSSynAttackAddr IpAddress
  rlSecuritySuiteDoSSynAttackNetMask IpAddress
  rlSecuritySuiteDoSSynAttackSynRate INTEGER
  rlSecuritySuiteDoSSynAttackStatus RowStatus

RlSecuritySuiteDenyTypesEntry  
SEQUENCE    
  rlSecuritySuiteDenyIfIndex InterfaceIndex
  rlSecuritySuiteDenyAttackType RlSecuritySuiteDenyAttackType
  rlSecuritySuiteDenyDestAddr IpAddress
  rlSecuritySuiteDenyNetMask IpAddress
  rlSecuritySuiteDenyDestPort INTEGER
  rlSecuritySuiteDenyStatus RowStatus

RlSecuritySuiteSynProtectionPortEntry  
SEQUENCE    
  rlSecuritySuiteSynProtectionPortMode RlSecuritySuiteSynProtectionPortMode
  rlSecuritySuiteSynProtectionPortModeLastTimeAttack RlSecuritySuiteSynProtectionPortMode
  rlSecuritySuiteSynProtectionPortLastTimeAttack DisplayString

Defined Values

rlSecuritySuiteMib 1.3.6.1.4.1.9.6.1.101.120
The private MIB module definition for blocking attacks such as DoS (Denial of Service), SYN and well-known virus attacks in CISCOSB devices.
MODULE-IDENTITY    

rlSecuritySuiteGlobalEnable 1.3.6.1.4.1.9.6.1.101.120.1
This scalar globally enables/disables the DoS attack Suite.
OBJECT-TYPE    
  RlsecuritySuiteGlobalEnableType  

rlSecuritySuiteKnownDoSAttacksTable 1.3.6.1.4.1.9.6.1.101.120.2
This table enables/disables well-known DoS attacks, applied globally to all ifIndexes.
OBJECT-TYPE    
  SEQUENCE OF  
    RlSecuritySuiteKnownDoSAttacksEntry

rlSecuritySuiteKnownDoSAttacksEntry 1.3.6.1.4.1.9.6.1.101.120.2.1
Each entry in this table describes one well-known DoS attack address.
OBJECT-TYPE    
  RlSecuritySuiteKnownDoSAttacksEntry  

rlSecuritySuiteKnownDoSAttack 1.3.6.1.4.1.9.6.1.101.120.2.1.1
A well-known DoS attack to enable
OBJECT-TYPE    
  RlSecuritySuiteKnownDosAttackType  

rlSecuritySuiteKnownDoSAttackEnable 1.3.6.1.4.1.9.6.1.101.120.2.1.2
Enable/Disable a well-known DoS attack
OBJECT-TYPE    
  TruthValue  

rlSecuritySuiteKnownDoSAttacksDetailsTable 1.3.6.1.4.1.9.6.1.101.120.3
This read-only table is used to present the detailed attributes of each well-known DoS attack. Used for presentation purposes only.
OBJECT-TYPE    
  SEQUENCE OF  
    RlSecuritySuiteKnownDoSAttacksDetailsEntry

rlSecuritySuiteKnownDoSAttacksDetailsEntry 1.3.6.1.4.1.9.6.1.101.120.3.1
Each entry in this table describes one well-known DoS attack address.
OBJECT-TYPE    
  RlSecuritySuiteKnownDoSAttacksDetailsEntry  

rlSecuritySuiteKnownDoSAttackProtocl 1.3.6.1.4.1.9.6.1.101.120.3.1.1
Specifies the protocol type of the relevant well-known attack
OBJECT-TYPE    
  RlSecuritySuiteKnownDosAttackProtocolType  

rlSecuritySuiteKnownDoSAttackSrcTcpUdpPort 1.3.6.1.4.1.9.6.1.101.120.3.1.2
Specifies the source tcp/udp port of the relevant well-known attack
OBJECT-TYPE    
  INTEGER  

rlSecuritySuiteKnownDoSAttackDestTcpUdpPort 1.3.6.1.4.1.9.6.1.101.120.3.1.3
Specifies the destination tcp/udp port of the relevant well-known attack
OBJECT-TYPE    
  INTEGER  

rlSecuritySuiteReservedMartianAddresses 1.3.6.1.4.1.9.6.1.101.120.4
This scalar globally enables/disables discarding of the IP well-known addresses described below:
  Address block                                                  | Present use
  ---------------------------------------------------------------+----------------------------------------------------------------
  0.0.0.0/8 (except 0.0.0.0/32 as source address)                | Addresses in this block refer to source hosts on 'this' network.
  127.0.0.0/8                                                    | This block is assigned for use as the Internet host loop-back address.
  192.0.2.0/24                                                   | This block is assigned as 'TEST-NET' for use in documentation and example code.
  224.0.0.0/4 as source                                          | This block, formerly known as the Class D address space, is allocated for use in IPv4 multicast address assignments.
  240.0.0.0/4 (except 255.255.255.255/32 as destination address) | This block, formerly known as the Class E address space, is reserved.
OBJECT-TYPE    
  TruthValue  

rlSecuritySuiteMartianAddrAllTable 1.3.6.1.4.1.9.6.1.101.120.5
This read-only table specifies all currently configured Martian addresses, both pre-defined (=reserved) and user-configured (=static) addresses.
OBJECT-TYPE    
  SEQUENCE OF  
    RlSecuritySuiteMartianAddrAllEntry

rlSecuritySuiteMartianAddrAllEntry 1.3.6.1.4.1.9.6.1.101.120.5.1
Each entry in this table describes one Martian address; packets with this address as IP source or IP destination are discarded.
OBJECT-TYPE    
  RlSecuritySuiteMartianAddrAllEntry  

rlSecuritySuiteMartianAddr 1.3.6.1.4.1.9.6.1.101.120.5.1.1
An IP address to discard all packets with that address as source or destination
OBJECT-TYPE    
  IpAddress  

rlSecuritySuiteMartianAddrNetMask 1.3.6.1.4.1.9.6.1.101.120.5.1.2
Specifies the net mask that comprises the destination IP address prefix.
OBJECT-TYPE    
  IpAddress  

rlSecuritySuiteAllMartianEntryType 1.3.6.1.4.1.9.6.1.101.120.5.1.3
Specifies the entry origin: pre-defined (reserved) or statically configured.
OBJECT-TYPE    
  RlSecuritySuiteAllMartianEntryType  

rlSecuritySuiteMartianAddrTable 1.3.6.1.4.1.9.6.1.101.120.6
This table specifies the Martian addresses: packets with these IP addresses as source or destination are discarded.
OBJECT-TYPE    
  SEQUENCE OF  
    RlDoSAttackMartianAddrEntry

rlSecuritySuiteMartianAddrEntry 1.3.6.1.4.1.9.6.1.101.120.6.1
Each entry in this table describes one Martian address; packets with this address as IP source or IP destination are discarded.
OBJECT-TYPE    
  RlDoSAttackMartianAddrEntry  

rlSecuritySuiteMartianAddrStatus 1.3.6.1.4.1.9.6.1.101.120.6.1.1
The status of a table entry. It is used to add an entry to or delete an entry from this table.
OBJECT-TYPE    
  RowStatus  

rlSecuritySuiteDoSSynAttackTable 1.3.6.1.4.1.9.6.1.101.120.7
This table contains IP address and rate, to limit DoS SYN attacks from a specific IP address and interface(s)
OBJECT-TYPE    
  SEQUENCE OF  
    RlSecuritySuiteDoSSynAttackEntry

rlSecuritySuiteDoSSynAttackEntry 1.3.6.1.4.1.9.6.1.101.120.7.1
Each entry in this table describes one Martian address , packets with this address as IP source or IP destination, are discarded.
OBJECT-TYPE    
  RlSecuritySuiteDoSSynAttackEntry  

rlSecuritySuiteDoSSynAttackIfIndex 1.3.6.1.4.1.9.6.1.101.120.7.1.1
Interface which the attack is applied on
OBJECT-TYPE    
  InterfaceIndex  

rlSecuritySuiteDoSSynAttackAddr 1.3.6.1.4.1.9.6.1.101.120.7.1.2
An IP address to discard all packets with that address as destination
OBJECT-TYPE    
  IpAddress  

rlSecuritySuiteDoSSynAttackNetMask 1.3.6.1.4.1.9.6.1.101.120.7.1.3
Relevant when rlSecuritySuiteSynAttackRangeType equals prefix(2). Specify the number of bits that comprise the destination IP address prefix.
OBJECT-TYPE    
  IpAddress  

rlSecuritySuiteDoSSynAttackSynRate 1.3.6.1.4.1.9.6.1.101.120.7.1.4
Specify the maximum connections per second allowed from this IP address and rlSecuritySuiteSynAttackPortList
OBJECT-TYPE    
  INTEGER  

rlSecuritySuiteDoSSynAttackStatus 1.3.6.1.4.1.9.6.1.101.120.7.1.6
The status of a table entry. It is used to add an entry to or delete an entry from this table.
OBJECT-TYPE    
  RowStatus  

rlSecuritySuiteDenyTypesTable 1.3.6.1.4.1.9.6.1.101.120.8
This table specifies the IP addresses and TCP ports from which TCP SYN packets on specific interfaces are dropped.
OBJECT-TYPE    
  SEQUENCE OF  
    RlSecuritySuiteDenyTypesEntry

rlSecuritySuiteDenyTypesEntry 1.3.6.1.4.1.9.6.1.101.120.8.1
Each entry in this table describes one IP address, TCP port and list of ifIndexes; packets with these attributes are discarded.
OBJECT-TYPE    
  RlSecuritySuiteDenyTypesEntry  

rlSecuritySuiteDenyIfIndex 1.3.6.1.4.1.9.6.1.101.120.8.1.1
Interface which the attack is applied on
OBJECT-TYPE    
  InterfaceIndex  

rlSecuritySuiteDenyAttackType 1.3.6.1.4.1.9.6.1.101.120.8.1.2
The specific deny attack type
OBJECT-TYPE    
  RlSecuritySuiteDenyAttackType  

rlSecuritySuiteDenyDestAddr 1.3.6.1.4.1.9.6.1.101.120.8.1.3
An IP address to discard all packets with that address as destination
OBJECT-TYPE    
  IpAddress  

rlSecuritySuiteDenyNetMask 1.3.6.1.4.1.9.6.1.101.120.8.1.4
Relevant when rlSecuritySuiteDenyTCPRangeType equals mask(1). Specify the number of bits that comprise the destination IP address prefix.
OBJECT-TYPE    
  IpAddress  

rlSecuritySuiteDenyDestPort 1.3.6.1.4.1.9.6.1.101.120.8.1.5
Destination TCP port. Use 65553 to specify all ports. This key field is relevant only in specific attack types (not all). Use 0 when not relevant.
OBJECT-TYPE    
  INTEGER  

rlSecuritySuiteDenyStatus 1.3.6.1.4.1.9.6.1.101.120.8.1.6
The status of a table entry. It is used to add an entry to or delete an entry from this table.
OBJECT-TYPE    
  RowStatus  

rlSecuritySuiteDenySynFinTcp 1.3.6.1.4.1.9.6.1.101.120.9
This scalar globally enables or disables dropping of TCP packets with both SYN and FIN flags set.
OBJECT-TYPE    
  RlSecuritySuiteDenySynFinTcp  

rlSecuritySuiteSynProtectionMode 1.3.6.1.4.1.9.6.1.101.120.10
This scalar globally sets the protection mode on TCP SYN traffic. Disabled - the system doesn't support protection against TCP SYN attack. Report - the system doesn't support protection against TCP SYN attack, but reports about it. Block - the system supports protection against TCP SYN attack by blocking this traffic on the port.
OBJECT-TYPE    
  RlSecuritySuiteSynProtectionMode  

rlSecuritySuiteSynProtectionTreshold 1.3.6.1.4.1.9.6.1.101.120.11
This scalar globally sets the protection mode threshold value, in packets per second, on TCP SYN traffic.
OBJECT-TYPE    
  INTEGER  

rlSecuritySuiteSynProtectionRecoveryTimeout 1.3.6.1.4.1.9.6.1.101.120.12
This scalar globally sets the protection recovery timeout in seconds.
OBJECT-TYPE    
  INTEGER  

rlSecuritySuiteSynProtectionPortTable 1.3.6.1.4.1.9.6.1.101.120.13
This table keeps SYN protection status per port.
OBJECT-TYPE    
  SEQUENCE OF  
    RlSecuritySuiteSynProtectionPortEntry

rlSecuritySuiteSynProtectionPortEntry 1.3.6.1.4.1.9.6.1.101.120.13.1
Each entry in this table describes TCP SYN protection status for one port.
OBJECT-TYPE    
  RlSecuritySuiteSynProtectionPortEntry  

rlSecuritySuiteSynProtectionPortMode 1.3.6.1.4.1.9.6.1.101.120.13.1.1
The port's TCP SYN protection mode.
OBJECT-TYPE    
  RlSecuritySuiteSynProtectionPortMode  

rlSecuritySuiteSynProtectionPortModeLastTimeAttack 1.3.6.1.4.1.9.6.1.101.120.13.1.2
The port's TCP SYN protection last attack time mode.
OBJECT-TYPE    
  RlSecuritySuiteSynProtectionPortMode  

rlSecuritySuiteSynProtectionPortLastTimeAttack 1.3.6.1.4.1.9.6.1.101.120.13.1.3
The port's TCP SYN protection last attack time.
OBJECT-TYPE    
  DisplayString