-- =================================================================
-- Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
--
-- Description: This MIB is to provide the definition of
--              Abnormal Flow Clean system.
-- Reference:
-- Version: V1.0
-- History:
--   V1.0 2008-07-23, Created by luohaijun
-- =================================================================
HPN-ICF-AFC-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        hpnicfCommon FROM HPN-ICF-OID-MIB
        OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY, Integer32, IpAddress
            FROM SNMPv2-SMI
        ;

hpnicfAFC  MODULE-IDENTITY
    LAST-UPDATED "200807230000Z"
    ORGANIZATION
        ""
    CONTACT-INFO
        ""
    DESCRIPTION
        "This MIB is to provide the definition of Abnormal Flow Clean system."
    REVISION "200807230000Z"
    DESCRIPTION
        "The Initial Version of this MIB module."
    ::= { hpnicfCommon 85 }


hpnicfAFCLeaf OBJECT IDENTIFIER ::= {hpnicfAFC  1}

--
-- DDOS ATTACK 'Target IP' OBJECT
--

hpnicfDDosAttackTargetIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the victim of a DDos attack.  The IP Address is in the list
        of protected IP address."
    ::= {hpnicfAFCLeaf 1}

--
-- DDOS ATTACK 'Attack type' OBJECT
--

hpnicfDDosAttackType OBJECT-TYPE
    SYNTAX      INTEGER{
                land(1),
                smurf(2),
                fraggle(3),
                winnuke(4),
                synflood(5),
                icmpflood(6),
                udpflood(7),
                icmpredirect(8),
                icmpunreachable(9),
                tracert(11),
                tcpflag(12),
                pingofdeath(13),
                teardrop(14),
                ipfragment(15),
                largeicmp(18),
                sourceroute(19),
                routerecord(20),
                fragflood(24),
                scan(27),
                appstreamalarm(29),
                sessionstreamalarm(30),
                tcpabnormal(32),
                ipfragabnormal(33),
                tftpabnormal(34),
                dnsabnormal(35),
                httpabnormal(36),
                telnetabnormal(37),
                ftpabnormal(38),
                smtpabnormal(39),
                pop3abnormal(40),
                snmpabnormal(41),
                ackabnormal(42),
                cc(43),
                otherabnormal(1024)
                }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the attack type which the victim is sufferd."
    ::= {hpnicfAFCLeaf 2}

--
-- DDOS ATTACK 'Attack policy' OBJECT
--

hpnicfDDosAttackPolicy OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..80))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the policy name which detects the DDos Attack."
    ::= {hpnicfAFCLeaf 3}
    
--
-- DDOS ATTACK 'Attack threshold' OBJECT
--

hpnicfDDosAttackThreshold OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the policy threshold in the DDos Attack."
    ::= {hpnicfAFCLeaf 4}

--
-- DDOS ATTACK 'Attack speed' OBJECT
--

hpnicfDDosAttackSpeed OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This shows the rate of policy in the DDos Attack."
    ::= {hpnicfAFCLeaf 5}



-- **********************************************************************
-- Define enterprise repeater traps. Rules for traps are that any
-- varbind must be from a table in which the first qualifier on the
-- object id is the service identifier of the 'thing' causing the trap.
-- **********************************************************************
hpnicfAFCNotify OBJECT IDENTIFIER ::= {hpnicfAFC  2}

hpnicfAFCNotifyPrefix OBJECT IDENTIFIER ::= { hpnicfAFCNotify 0 }

hpnicfDDosAttackStart NOTIFICATION-TYPE
    OBJECTS {
        hpnicfDDosAttackTargetIP,
        hpnicfDDosAttackType,
        hpnicfDDosAttackPolicy,
        hpnicfDDosAttackThreshold,
        hpnicfDDosAttackSpeed
        }
    STATUS  current
    DESCRIPTION
        "This trap is sent when a DDos attack on specific IP is detected.
         The IP address of the victim is the first object.
         The exact type of the attack is the second object.
         The policy name which detects the attack is the third object.
         The threshold of the attack is the 4th object.
         The speed of the attack is the 5th object."
    ::= {hpnicfAFCNotifyPrefix 1}


hpnicfDDosAttackEnd NOTIFICATION-TYPE
    OBJECTS {
        hpnicfDDosAttackTargetIP
        }
    STATUS  current
    DESCRIPTION
        "This trap is sent when a DDos Attack end.  The IP address of the
        victim is the very object."
    ::= {hpnicfAFCNotifyPrefix 2}

END
