CISCO-SERVICE-CONTROL-ATTACK-MIB: View SNMP OID List / Download MIB
VENDOR: CISCO
Home | MIB: CISCO-SERVICE-CONTROL-ATTACK-MIB | |||
---|---|---|---|---|
Download as: |
Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
|
|||
Object Name | OID | Type | Access | Info |
ciscoServiceControlAttackMIB | 1.3.6.1.4.1.9.9.693 |
This MIB provides data related to different types of attacks detected by a service control entity. A service control entity is a network device which monitors and controls traffic. The service control entity is used as a platform for different service control applications which may perform monitoring operations beyond packet counting and delve deeper into the contents of network traffic. It provides programmable stateful inspection of bidirectional traffic flows and maps these flows with user/subscriber ownership. An attack is a malicious network activity with certain traffic characteristics and which is targeted on a certain network entity. An attack can be identified by its type, direction, source address, destination address and ports. Once an attack is detected, an attack filter is activated based on the type of the attack and corresponding actions are taken in the monitored network - this is referred to as attack start. For example the attack filter can drop the attacking traffic. When the attack detector identifies that the attack characteristics are no longer exist, it ends the mitigation action - what is referred to as attack end. The attack mitigation action is also referred to as attack filtering in this MIB. The time duration of attack filtering between attack start to attack end along with the direction (upstream, downstream) is also maintained by the service control entity. Attack filtering can be applied from the subscriber side to the network side, in the upstream direction. The downstream attack filtering is done from the network side to the subscriber side. This MIB also defines notifications generated by the service control entity when an attack is detected on a monitored network. |
||
ciscoServiceControlAttackMIBNotifs | 1.3.6.1.4.1.9.9.693.0 | |||
cscaFilterChange | 1.3.6.1.4.1.9.9.693.0.1 |
The system generates this notification to indicate that the cscaFilterStatus of the attack filter for cscaType has changed due to the reason determined by cscaDescription. The system limits the generation of this notifications for the same cscaType to a five-second interval. |
||
cscaGlobalAttackFilterChange | 1.3.6.1.4.1.9.9.693.0.2 |
The notification is generated when a start or end of a global attack is detected in the system. Below fields are sent with the trap: entPhysicalName indicates the name of the originating physical entity. cscaGlobalAttackType indicates the type of the global attack. cscaFilterStatus indicates whether the global attack is started or ended ie. the attack filter status is activated or deactivated. cscaTypeOriginatedByNetworkSide indicates the origin/source of the attack, whether it originated from network or subscriber side. |
||
ciscoServiceControlAttackMIBObjects | 1.3.6.1.4.1.9.9.693.1 | |||
cscaFilterMIBObjects | 1.3.6.1.4.1.9.9.693.1.1 | |||
cscaType | 1.3.6.1.4.1.9.9.693.1.1.1 | cscaattacktype | no-access |
This object indicates the type of an attack detected and reported by the service control entity. There are numerous attack types, based on the service control entity's definition. The service control entity monitors and mitigates a predefined set of attack type. The value of this object should be used as index to table cscaTypeTable in order to query for information regarding this attack type, such as its name and other statistics. |
cscaSourceAddressType | 1.3.6.1.4.1.9.9.693.1.1.2 | inetaddresstype | no-access |
This object indicates the address type for cscaSourceAddress. |
cscaSourceAddress | 1.3.6.1.4.1.9.9.693.1.1.3 | inetaddress | no-access |
This object indicates the network address that is the source end point of this attack. |
cscaDestinationAddressType | 1.3.6.1.4.1.9.9.693.1.1.4 | inetaddresstype | no-access |
This object indicates the address type for cscaDestinationAddress. |
cscaDestinationAddress | 1.3.6.1.4.1.9.9.693.1.1.5 | inetaddress | no-access |
This object indicates the network address that is the destination end point of this attack. |
cscaAttackedPort | 1.3.6.1.4.1.9.9.693.1.1.6 | inetportnumber | no-access |
This object indicates the port on which this attack occurs, if relevant for this type of attack. |
cscaFilterStatus | 1.3.6.1.4.1.9.9.693.1.1.7 | integer | no-access |
This object indicates the status of the filter for this attack. The values for this object are '1' (activated) and '2' (de-activated). Enumeration: 'deactivated': 2, 'activated': 1. |
cscaNotifsEnabled | 1.3.6.1.4.1.9.9.693.1.1.8 | truthvalue | read-write |
This object specifies whether the system generates the cscaFilterChange notification. |
cscaLastDiscontinuityTimeStamp | 1.3.6.1.4.1.9.9.693.1.1.9 | timestamp | read-only |
This object indicates the value of sysUpTime when the last discontinuity occurred. |
cscaGlobalAttackType | 1.3.6.1.4.1.9.9.693.1.1.10 | integer | read-only |
This object indicates the type of a global attack detected and reported by the service control entity. The list of the various global attack are: ICMP attack(1) UDP attack(2) UDP fragment attack(3) TCP SYN Attack(4) TCP RST Attack(5) TCP fragment Attack(6) TCP NON-SYN Attack(7) Enumeration: 'udpAttack': 2, 'tcpSynAttack': 4, 'tcpRstAttack': 5, 'tcpFragmentAttack': 6, 'udpFragmentAttack': 3, 'icmpAttack': 1, 'tcpNonSynAttack': 7. |
cscaGlobalAttackNotifsEnabled | 1.3.6.1.4.1.9.9.693.1.1.11 | truthvalue | read-write |
This object specifies whether the system generates the cscaGlobalAttackFilterChange notification. Setting this object value to 'true' will enable generation of cscaGlobalAttackFilterChange notification. Setting this object value to 'false' will disable generation of cscaGlobalAttackFilterChange notification. |
cscaTypeTable | 1.3.6.1.4.1.9.9.693.1.2 | no-access |
This table lists the aggregated statistics for each detected attack in a network controlled by a service control entity. |
|
1.3.6.1.4.1.9.9.693.1.2.1 | no-access |
This entry contains information for an attack detected by the service control entity. The service control entity can report a number of attack types, the cscaTypeTable is created during the initialization of the service control entity and is valid while the service control entity is operational. |
||
cscaTypeIndex | 1.3.6.1.4.1.9.9.693.1.2.1.1 | cscaattacktype | no-access |
This object uniquely identifies the attack type. |
cscaTypeCurrentNumAttacks | 1.3.6.1.4.1.9.9.693.1.2.1.2 | gauge32 | read-only |
This object indicates the current number of ongoing attacks of this type, that the service control entity has detected in the network. |
cscaTypeTotalNumAttacks | 1.3.6.1.4.1.9.9.693.1.2.1.3 | counter32 | read-only |
This object indicates the total number of attacks of this type since the last discontinuity. |
cscaTypeTotalNumFlows | 1.3.6.1.4.1.9.9.693.1.2.1.4 | counter64 | read-only |
This object indicates the total number of IP flows on which this type of attack has been detected, since the last discontinuity. |
cscaTypeTotalNumSeconds | 1.3.6.1.4.1.9.9.693.1.2.1.5 | counter32 | read-only |
This object indicates the accumulated duration in seconds belonging to this attack type, since the last discontinuity. |
cscaTypeOriginatedByNetworkSide | 1.3.6.1.4.1.9.9.693.1.2.1.6 | truthvalue | read-only |
This object indicates whether this attack type is originated from the Network side or from the Subscriber side. |
cscaTypeProtocol | 1.3.6.1.4.1.9.9.693.1.2.1.7 | integer32 | read-only |
This enumerated object indicates the protocol type for this type of attack (TCP/UDP/ICMP/etc). The values for this object are: (1) TCP (2) UDP (3) ICMP (4) Other |
cscaTypeIsPortSpecific | 1.3.6.1.4.1.9.9.693.1.2.1.8 | truthvalue | read-only |
This object indicates whether the attack type is port-specific or not. |
cscaTypeIPsDetected | 1.3.6.1.4.1.9.9.693.1.2.1.9 | integer32 | read-only |
This object indicates which IPs are detected in this type of attack. The enumerated values are: (1) Originating Side IP is detected. (2) Attacked Side IP is detected. (3) Both side IPs are detected. |
cscaInfoTable | 1.3.6.1.4.1.9.9.693.1.3 | no-access |
This table lists information for attack mitigation, also referred to as attack filtering, done by a service control entity in the monitored network. |
|
1.3.6.1.4.1.9.9.693.1.3.1 | no-access |
This entry contains information about attack mitigation done by a physical service control entity, for attacks which it has detected. |
||
cscaInfoUpStreamAttackFilteringTime | 1.3.6.1.4.1.9.9.693.1.3.1.1 | counter32 | read-only |
This object indicates the cumulative time during which attacks in the up-stream direction were filtered. |
cscaInfoUpStreamLastAttackFilteringTime | 1.3.6.1.4.1.9.9.693.1.3.1.2 | timeinterval | read-only |
This object indicates the time since the previous attack in the upstream direction has ended. Attack end is reached when the service control entity attack detector identifies that the attack characteristics (like high flow rate) no longer exist, and the attack is suppressed in the up-stream traffic. |
cscaInfoDownStreamAttackFilteringTime | 1.3.6.1.4.1.9.9.693.1.3.1.3 | counter32 | read-only |
This object indicates the cumulative time during which attacks in the down-stream direction were filtered. |
cscaInfoDownStreamLastAttackFilteringTime | 1.3.6.1.4.1.9.9.693.1.3.1.4 | timeinterval | read-only |
This object indicates the time since the previous attack in the downstream direction has ended. Attack end is reached when the service control entity attack detector identifies that the attack characteristics (like high flow rate) no longer exist, and the attack is suppressed in the down-stream traffic. |
ciscoServiceControlAttackMIBConform | 1.3.6.1.4.1.9.9.693.2 | |||
cscaMIBCompliances | 1.3.6.1.4.1.9.9.693.2.1 | |||
cscaMIBCompliance | 1.3.6.1.4.1.9.9.693.2.1.1 |
The compliance statement for SNMP Agents which implement this MIB. |
||
cscaMIBComplianceRev1 | 1.3.6.1.4.1.9.9.693.2.1.2 |
The compliance statement for SNMP Agents which implement this generic filter (both Specific IP and global attack) MIB. |
||
cscaMIBGroups | 1.3.6.1.4.1.9.9.693.2.2 | |||
cscaMIBAttackTypeObjectGroup | 1.3.6.1.4.1.9.9.693.2.2.1 |
A collection of objects which provides attack information. |
||
cscaMIBAttackInfoObjectGroup | 1.3.6.1.4.1.9.9.693.2.2.2 |
A collection of objects which provides attack filtering times for upstream and down stream attacks. |
||
cscaMIBNotificationGroup | 1.3.6.1.4.1.9.9.693.2.2.3 |
A collection of notification which provides status change information for attack filters. cscaMIBNotificationGroup object is superseded by cscaMIBNotificationGroupRev1. |
||
cscaFilterObjectGroup | 1.3.6.1.4.1.9.9.693.2.2.4 |
A collection of objects which define each attack filter and its status. cscaFilterObjectGroup object is superseded by cscaFilterObjectGroupRev1. |
||
cscaMIBNotifControlGroup | 1.3.6.1.4.1.9.9.693.2.2.5 |
A collection of object(s) to control the enable/disable state of notification generation. cscaMIBNotifControlGroup object is superseded by cscaMIBNotifControlGroupRev1. |
||
cscaMIBNotificationGroupRev1 | 1.3.6.1.4.1.9.9.693.2.2.6 |
A collection of notification which provides status change information for both specific IP and global attack filters. |
||
cscaFilterObjectGroupRev1 | 1.3.6.1.4.1.9.9.693.2.2.7 |
A collection of objects which define each attack filter and its status. |
||
cscaMIBNotifControlGroupRev1 | 1.3.6.1.4.1.9.9.693.2.2.8 |
A collection of object(s) to control the enable/disable state of notification generation. |