-- Copyright (c) 1999-2004, Juniper Networks, Inc. -- All rights reserved. NETSCREEN-TRAP-MIB DEFINITIONS ::= BEGIN IMPORTS netscreenTrap, netscreenTrapInfo FROM NETSCREEN-SMI MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE FROM SNMPv2-SMI DisplayString FROM SNMPv2-TC ; netscreenTrapMibModule MODULE-IDENTITY LAST-UPDATED "200907170000Z" -- Jul 17, 2009 ORGANIZATION "Juniper Networks, Inc." CONTACT-INFO "Customer Support 1194 North Mathilda Avenue Sunnyvale, California 94089-1206 USA Tel: 1-800-638-8296 E-mail: customerservice@juniper.net HTTP://www.juniper.net" DESCRIPTION "Added new traps introduced in 6.3, which includes 3, 35, 39, 52, 53, 54, 66, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 94, 105, 110, 111, 112, 113, 114, 200, 201, 202, 203, 204, 226, 227, 228, 229, 230, 231, 426, 427, 442, 443, 554, 600, 601, 602, 701, 702, 703, 704, 804, 805, 806, 850" REVISION "200803170000Z" -- Mar 17, 2008 DESCRIPTION "Added trap types 15, it is still in use" REVISION "200803170000Z" -- Mar 17, 2008 DESCRIPTION "Added 5 new trap types - 800-804. Removed 1000." REVISION "200510170000Z" -- Oct 17, 2005 DESCRIPTION "Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103), ids-icmp-ping-id-zero(441)." REVISION "200503030000Z" -- March 03, 2005 DESCRIPTION "Trap MIB" REVISION "200409100000Z" -- Sep 10, 2004 DESCRIPTION "Removed nsTrapType 3, 15,18,19 and 1000" REVISION "200405030000Z" -- May 03, 2004 DESCRIPTION "Modified copyright and contact information" REVISION "200403030000Z" -- March 03, 2004 DESCRIPTION "Converted to SMIv2 by Longview Software" REVISION "200401230000Z" -- January 23, 2004 DESCRIPTION "Add new traps (430~434)" REVISION "200109280000Z" -- September 28, 2001 DESCRIPTION "Add global-report manager specific trap" REVISION "200008020000Z" -- August 02, 2000 DESCRIPTION "Creation Date" ::= { netscreenTrapInfo 0 } netscreenTrapHw NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of hardware problem has occured." ::= { netscreenTrap 100 } netscreenTrapFw NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of firewall functions has been triggered." ::= { netscreenTrap 200 } netscreenTrapSw NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of software problem has occured." ::= { netscreenTrap 300 } netscreenTrapTrf NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of traffic conditions has been triggered." ::= { netscreenTrap 400 } netscreenTrapVpn NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that VPN tunnel status has occured." ::= { netscreenTrap 500 } netscreenTrapNsrp NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that NSRP status has occured." ::= { netscreenTrap 600 } netscreenTrapGPRO NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that some kind of Global PRO problems has occurred." ::= { netscreenTrap 700 } netscreenTrapDrp NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that Drp status has occured." ::= { netscreenTrap 800 } netscreenTrapIFFailover NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that interface fail over status has occured." ::= { netscreenTrap 900 } netscreenTrapIDPAttack NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc } STATUS current DESCRIPTION "This trap indicates that IDP attack status has occured." ::= { netscreenTrap 1000 } netscreenTrapType OBJECT-TYPE SYNTAX INTEGER { -- Traffic per-second threshold traffic-sec(1), -- Traffic per-minute threshold traffic-min(2), -- Winnuke pak winnuke(4), -- Syn attack syn-attack(5), -- tear-drop attack tear-drop(6), -- Ping of Death attack ping-death(7), -- IP spoofing attack ip-spoofing(8), -- IP source routing attack ip-src-route(9), -- land attack land(10), -- ICMP flooding attack icmp-flood(11), -- UDP flooding attack udp-flood(12), -- Illegal server IP to connect to CMS port illegal-cms-svr(13), -- URL blocking server connection alarm url-block-srv(14), -- high availability high-availability(15), -- Port Scan attack port-scan(16), -- address sweep attack addr-sweep(17), -- memory low low-memory(20), -- DNS server unreachable dns-srv-down(21), -- Fan, Power Supply failure generic-HW-fail(22), -- Load balance server unreachable lb-srv-down(23), -- log buffer overflow log-full(24), -- X509 related x509(25), -- VPN and IKE related vpn-ike(26), -- admin realted admin(27), -- Illegal src ip to connect to sme port sme(28), -- DHCP related dhcp(29), -- CPU usage is high cpu-usage-high(30), -- Interface IP conflict ip-conflict(31), -- Microsoft IIS server vulnerability attact-malicious-url(32), -- session threshold is exceeded session-threshold(33), -- SSH related alarms ssh-alarm(34), -- Audit storage related alarms audit-storage(35), -- driver's rx bd shortage rxbd-low-alarm(39), -- VPN tunnel from down to up vpn-tunnel-up(40), -- VPN tunnel from up to down vpn-tunnel-down(41), -- VPN replay detected vpn-replay-attack(42), -- VPN tunnel removed vpn-l2tp-tunnel-remove(43), -- VPN tunnel removed and error detected vpn-l2tp-tunnel-remove-err(44), -- VPN call removed vpn-l2tp-call-remove(45), -- VPN call removed and error detected vpn-l2tp-call-remove-err(46), -- Number of IAS exceeds configured maximum vpn-ias-too-many(47), -- Number of IAS crossed configured upper threshold vpn-ias-over-threshold(48), -- Number of IAS crossed configured lower threshold vpn-ias-under-threshold(49), -- IKE error occured for the IAS session vpn-ias-ike-error(50), -- allocated session exceed threshold allocated-session-threshold(51), -- av-csp related alarm av-csp-alarm(52), -- av related alarm av-alarm(53), -- apppry related alarm apppry-alarm(54), -- NSRP rto self unit status change from up to down nsrp-rto-up(60), -- NSRP rto self unit status change from down to up nsrp-rto-down(61), -- NSRP track ip successed nsrp-trackip-success(62), -- NSRP track ip failed nsrp-trackip-failed(63), -- NSRP track ip fail over nsrp-trackip-failover(64), -- NSRP inconsistent configuration between master and backup nsrp-inconsistent-configuration(65), -- track ip status related alarm trackip-status(66), -- NSRP vsd group status change to elect nsrp-vsd-init(70), -- NSRP vsd group status change to master nsrp-vsd-master(71), -- NSRP vsd group status change to primary backup nsrp-vsd-pbackup(72), -- NSRP vsd group status change to backup nsrp-vsd-backup(73), -- NSRP vsd group status change to ineligible nsrp-vsd-ineligible(74), -- NSRP VSD group status change to inoperable nsrp-vsd-inoperable(75), -- NSRP VSD request heartbeat from 2nd HA path nsrp-vsd-req-hearbeat-2nd(76), -- NSRP VSD reply to 2nd path request nsrp-vsd-reply-2nd(77), -- NSRP duplicated RTO group found nsrp-rto-duplicated(78), -- NSRP duplicated VSD group master ip-dup-master(79), -- MEM cannot find usable memory for current pool di-heap-create-fail(80), -- MEM cannot find usable in any pool mem-alloc-fail(81), -- VRRP status related alarm vrrp-status-alarm(82), -- SCCP related alarm sccp-alarm(83), -- MGCP related alarm mgcp-reinit(84), -- MLFR related alarm mlfr-alarm(85), -- FR related alarm fr-alarm(86), -- CISCO HDLC related alarm cisco-hdlc-alarm(87), -- PPPOW related alarm pppow-alarm(88), -- H323 related alarm h323-alarm(89), -- ISDN related alarm isdn-alarm(90), -- interface backup interface-backup(91), -- Card function is abnormal wan-card-function(92), -- A USB key is plug/unplug from USB port usb-device-operation(93), -- interface failure interface-failure(94), -- No ppp IP pool configured ppp-no-ip-cfg(95), -- IP pool exhausted. No ip to assign ppp-no-ip-in-pool(96), -- Any change to interface IP address can use the type ip-addr-event(101), -- DIP utilization reaches raised threshold limit dip-util-raise(102), -- DIP utilization reaches clear threshold limit dip-util-clear(103), -- DOT1X related alarm dot1x-alarm(105), -- VPN IAS radius error vpn-ias-radius-error(110), -- VPN IKEID enum attack vpn-ikeid-enum-attack(111), -- VPN soft limit reached vpn-softlimit-reached(112), -- VPN IKE dos attack vpn-ikedos-attack(113), -- VPN acvpn profile error vpn-acvpn-profile-error(114), -- exceed maximum routing entry allowed for the system route-sys-entry-ex(200), -- exceed maximum routing entry allowed for a vr route-vr-entry-ex(201), -- exceed the hello packet threshold per hello interval route-ospf-hello-flood(202), -- exceed the lsa packet threshold per lsa threshold route-ospf-lsa-flood(203), -- exceed the update4 packet threshold per update time in rip route-rip-update-flood(204), -- Errors in route module (exceed limit, malloc failure, add-perfix failure etc) route-alarm(205), -- LSA/Hello packets flood in OSPF, route redistribution exceed limit, ospf-flood(206), -- Update packet floods in RIP rip-flood(207), -- Peer forms adjacency completely bgp-established(208), -- Peer's adjacency is torn down, goes to Idle state bgp-backwardtransition(209), -- change in virtual link's state (down, point-to-point etc) ospf-virtifstatechange(210), -- change in neighbor's state on regular interface (down, 2way, full etc) ospf-nbrstatechange(211), -- change in neighbor's state on virtual link (down, full etc) ospf-virtnbrstatechange(212), -- authentication mismatch/area mismatch etc on regular interface ospf-ifconfigerror(213), -- authentication mismatch/area mismatch etc on virtual link ospf-virtifconfigerror(214), -- Authentication eror on regular interface ospf-ifauthfailure(215), -- Authentication eror on virtual link ospf-virtifauthfailure(216), -- lsa received with invalid lsa-type on regular interface ospf-ifrxbadpacket(217), -- lsa received with invalid lsa-type on virtual link ospf-virtifrxbadpacket(218), -- retransmission to neighbor on regular interface ospf-txretransmit(219), -- retransmission to neighbor on virtual link ospf-virtiftxretransmit(220), -- new LSA generated by local router ospf-originatelsa(221), -- LSA aged out ospf-maxagelsa(222), -- when total LSAs in database exceed predefined limit ospf-lsdboverflow(223), -- when total LSAs in database approach predefined limit ospf-lsdbapproachingoverflow(224), -- change in regular interface state (up/down, dr/bdr etc) ospf-ifstatechange(225), -- BGP related alarm bgp-alarm(226), -- packet floods in RIPng ripng-flood(227), -- exceed the update4 packet threshold per update time in ripng route-ripng-update-flood(228), -- PBR related alarm pbr-alarm(229), -- NHRP related alarm nhrp-alarm(230), -- OSPFV3 related alarm ospfv3-alarm(231), -- block java/active-x component ids-component(400), -- icmp flood attack ids-icmp-flood(401), -- udp flood attack ids-udp-flood(402), -- winnuke attack ids-winnuke(403), -- port scan attack ids-port-scan(404), -- address sweep attack ids-addr-sweep(405), -- tear drop attack ids-tear-drop(406), -- syn flood attack ids-syn(407), -- ip spoofing attack ids-ip-spoofing(408), -- ping of death attack ids-ping-death(409), -- filter ip packet with source route option ids-ip-source-route(410), -- land attack ids-land(411), -- screen syn fragment attack syn-frag-attack(412), -- screen tcp packet without flag attack tcp-without-flag(413), -- screen unknown ip packet unknow-ip-packet(414), -- screen bad ip option bad-ip-option(415), -- screen mal url tcp-mal-url(426), -- screen sess mal num tcp-sess-mal-num(427), dst-ip-session-limit(430), -- HTTP component blocking for .zip files ids-block-zip(431), -- HTTP component blocking for Java applets ids-block-jar(432), -- HTTP component blocking for .exe files ids-block-exe(433), -- HTTP component blocking for ActiveX controls ids-block-activex(434), -- screen icmp fragment packet icmp-fragment(435), -- screen too large icmp packet too-large-icmp(436), -- screen tcp flag syn-fin set tcp-syn-fin(437), -- screen tcp fin without ack tcp-fin-no-ack(438), -- avoid replying to syns after excessive 3 way TCP handshakes from -- same src ip but not proceeding with user auth. (not replying to -- username/password).. ids-tcp-syn-ack-ack(439), -- ip fragment ids-ip-block-frag(440), -- Dst IP-based session limiting -- icmp ping id 0 ids-icmp-ping-id-zero(441), -- tcp sweep tcp-sweep(442), -- udp sweep udp-sweep(443), -- AV Scan Manager Alarm, sofeware trap av-scan-mgr(554), -- mcore related alarm mcore-alarm(601), -- spim related alarm spim-alarm(602), -- Security Module down detected sm-down(701), -- Security Module packet droped detected sm-packet-drop(702), -- Security Module memory, CPU and session detected sm-overload(703), -- Security Module CPU unresponsive detected sm-cpu-unresponsive(704), --Shared to fair transition forced cpu-limit-s2f-forced(800), --Shared to fair transition auto cpu-limit-s2f-auto(801), --Fair to shared transition forced cpu-limit-f2s-forced(802), --Fair to shared transition because of timeout cpu-limit-f2s-timeout(803), --Fair to shared transition auto cpu-limit-f2s-auto(804), --Flow potential violation sec-potential-voilation(805), --Flow session cache alarm flow-sess-cache(806), --vsys session limit alarm vsys-session-limit(850) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The integer value of the raised alarm type. Note that the type should be interpreted within a specific trap" ::= { netscreenTrapInfo 1 } netscreenTrapDesc OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The textual description of the alarm" ::= { netscreenTrapInfo 3 } END