EXTREME-IP-SECURITY-MIB
File:
EXTREME-IP-SECURITY-MIB.mib (18018 bytes)
Imported modules
Imported symbols
Defined Types
HexOctet |
|
A single hexidecimal octet used to specify TCP flags |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(2) |
|
VlanTag |
|
The tag used when encapsulating packets transmitted |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
0..4095 |
|
IpProtocol |
|
The value of the IP Protocol field of an IP Datagram
Header. This identifies the protocol layer above IP. For
example, the value 6 is used for TCP and the value 17 is used
for UDP. The values of this field are defined in the Assigned
Numbers RFC. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), icmp(1), tcp(6), udp(17) |
|
TcpFlagAnomalyReason |
|
1) (TCP flag SYN is set) and (its TCP source port < 1024). OR
2) (TCP flag == 0) and (TCP seq # == 0). OR
3) (TCP flag FIN/URG/PSH bits sre set) and (TCP seq # == 0). OR
4) Both TCP iflag SYN and FIN are set |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), flagSynAndSrcPort(1), flagAndSeq(2), flagFinAndUrgAandPshandSeq(3), flagSynAndFin(4) |
|
IcmpAnomalyReason |
|
1) the size of ICMP is large than pre-configured allowed size
2) Fragmented ICMP packet |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), icmpOverSize(1), icmpFragmented(2) |
|
TcpFragmentAnomalyReason |
|
1) TCP packet and incompleted TCP header (IP payload less tahn MIN_TCP_HDR_SIZE)
2) Fragmented TCP packet (IP fragment offset = 1) |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), tcpHdrLessSize(1), tcpFragmented(2) |
|
Defined Values
extremeIpSecurityViolation |
1.3.6.1.4.1.1916.1.34.1.0.1 |
For vlans/ports on which one or more of the IP Security
features have been enabled, this trap will be generated when a packet
received on that vlan/port is in violation of the configured IP
Security protections |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
extremeIpSecurityVlanIfIndex |
1.3.6.1.4.1.1916.1.34.1.1 |
The ifIndex of the VLAN on which the violating packet was received. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
extremeIpSecurityVlanDescr |
1.3.6.1.4.1.1916.1.34.1.2 |
The description(name) of the VLAN on which the violating packet was received. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..32) |
|
extremeIpSecurityPortIfIndex |
1.3.6.1.4.1.1916.1.34.1.3 |
The ifIndex of the port on which the violating packet was received. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
extremeIpSecurityViolationType |
1.3.6.1.4.1.1916.1.34.1.6 |
The type of IP Security violation that occurred
- rogueDhcpServerPacket(1)
A rogue DHCP server packet was received.
- badIpMacBindingInArpPacket(2)
The IP-MAC binding received in the ARP packet does not exist in
the DHCP Bindings table.
- badIpInArpPacket(3)
The Source IP address in the ARP payload is invalid.
- badMacInArpPacket(4)
One of the MAC addresses in the ARP payload does not match with
its counterpart in the ethernet header. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
INTEGER |
rogueDhcpServerPacket(1), badIpMacBindingInArpPacket(2), badIpInArpPacket(3), badMacInArpPacket(4) |
|
extremeIpSecurityAnomalyIpViolation |
1.3.6.1.4.1.1916.1.34.2.0.1 |
For ports on which the protocol anomaly protection IP
features has been enabled, this trap will be generated when a packet
received on that port if the packet's source IP == destination IP |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
extremeIpSecurityAnomalyL4PortViolation |
1.3.6.1.4.1.1916.1.34.2.0.2 |
For ports on which the protocol anomaly protection L4port
features has been enabled, this trap will be generated when a packet
received on that port if
1) the packet is a TCP or UDP packetr. AND
2) its source L4 port == destination port |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
extremeIpSecurityAnomalyTcpFlagViolation |
1.3.6.1.4.1.1916.1.34.2.0.3 |
For ports on which the protocol anomaly protection TCP flags
features has been enabled, this trap will be generated when a TCP
packet received on that port if
1) (TCP flag SYN is set) and (its TCP source port < 1024). OR
2) (TCP flag == 0) and (TCP seq # == 0). OR
3) (TCP flag FIN/URG/PSH bits sre set) and (TCP seq # == 0). OR
4) Both TCP iflag SYN and FIN are set |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
extremeIpSecurityAnomalyTcpFragmentViolation |
1.3.6.1.4.1.1916.1.34.2.0.4 |
For ports on which the protocol anomaly protection TCP fragment
features has been enabled, this trap will be generated when a packet
received on that port if
1) the packet is a TCP, and its size of the TCP header is less than pre-configured value; or
2) the packet is a TCP and it is a IP fragmented packet (IP offset != 0) |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
extremeIpSecurityAnomalyIcmpViolation |
1.3.6.1.4.1.1916.1.34.2.0.5 |
For ports on which the protocol anomaly protection ICMP
features has been enabled, this trap will be generated when an ICMP
packet received on that port if
1) the size of ICMP (IP payload) is large thant pre-configured value; or
2) it is a fragmented IP/ICMP packet (IP offset != 0) |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
esAnomalyPortIfIndex |
1.3.6.1.4.1.1916.1.34.2.1 |
The ifIndex of the port on which the violating packet was received. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
esAnomalyVlanIfIndex |
1.3.6.1.4.1.1916.1.34.2.2 |
The ifIndex of the VLAN on which the violating packet was received. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
esAnomalyVlanDescr |
1.3.6.1.4.1.1916.1.34.2.3 |
The description(name) of the VLAN on which the violating packet was received. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..32) |
|
esAnomalySrcMacAddress |
1.3.6.1.4.1.1916.1.34.2.4 |
Source MAC address in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
MacAddress |
|
|
esAnomalyDestMacAddress |
1.3.6.1.4.1.1916.1.34.2.5 |
Destination MAC address in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
MacAddress |
|
|
esAnomalySrcIpAddr |
1.3.6.1.4.1.1916.1.34.2.7 |
source IP address in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
esAnomalyDestIpAddr |
1.3.6.1.4.1.1916.1.34.2.9 |
destination IP address in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
esAnomalyIpProto |
1.3.6.1.4.1.1916.1.34.2.10 |
IP protocol in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
IpProtocol |
|
|
esAnomalySrcL4Port |
1.3.6.1.4.1.1916.1.34.2.11 |
tcp/udp source port number in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
esAnomalyDestL4Port |
1.3.6.1.4.1.1916.1.34.2.12 |
tcp/udp destination port in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
esAnomalyTcpFlag |
1.3.6.1.4.1.1916.1.34.2.13 |
TCP flags in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
HexOctet |
|
|
esAnomalyTcpSeq |
1.3.6.1.4.1.1916.1.34.2.14 |
TCP sequence number in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
esAnomalyTcpHdrSize |
1.3.6.1.4.1.1916.1.34.2.15 |
TCP Header size in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
esAnomalyVlanTag |
1.3.6.1.4.1.1916.1.34.2.18 |
the vlan tag in the violating packet |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
VlanTag |
|
|