CISCO-SERVICE-CONTROL-ATTACK-MIB
This MIB provides data related to different types of
attacks detected by a service control entity.
A service control entity is a network device which monitors and
controls traffic. The service control entity is used as a
platform for different service control applications which may
perform monitoring operations beyond packet counting and delve
deeper into the contents of network traffic. It provides
programmable stateful inspection of bidirectional
traffic flows and maps these flows with user/subscriber
ownership.
An attack is a malicious network activity with certain traffic
characteristics and which is targeted on a certain network
entity. An attack can be identified by its type, direction,
source address, destination address and ports.
Once an attack is detected, an attack filter is activated based
on the type of the attack and corresponding actions are taken
in
the monitored network - this is referred to as attack start.
For example the attack filter can drop the attacking traffic.
When the attack detector identifies that the attack
characteristics are no longer exist, it ends the mitigation
action - what is referred to as attack end. The attack
mitigation action is also referred to as attack filtering in
this MIB.
The time duration of attack filtering between attack start to
attack end along with the direction (upstream, downstream) is
also maintained by the service control entity. Attack
filtering
can be applied from the subscriber side to the network side, in
the upstream direction. The downstream attack filtering is
done
from the network side to the subscriber side.
This MIB also defines notifications generated by the service
control entity when an attack is detected on a monitored
network.
|
Imported Objects
| ciscoMgmt | CISCO-SMI |
| entPhysicalName, entPhysicalIndex | ENTITY-MIB |
| InetPortNumber, InetAddress, InetAddressType | INET-ADDRESS-MIB |
| OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE | SNMPv2-CONF |
| OBJECT-IDENTITY, Unsigned32, MODULE-IDENTITY, Integer32, Counter64, Gauge32, NOTIFICATION-TYPE, Counter32, OBJECT-TYPE | SNMPv2-SMI |
| TruthValue, TimeStamp, TimeInterval, TEXTUAL-CONVENTION, AutonomousType | SNMPv2-TC |
Type Definitions (1)
| Name | Base Type | Values/Constraints |
|---|---|---|
 CscaAttackType | Integer32 |
Objects
  ciscoServiceControlAttackMIB  | .1.3.6.1.4.1.9.9.693 | |
| ciscoServiceControlAttackMIBNotifs | .1.3.6.1.4.1.9.9.693.0 | |
| ciscoServiceControlAttackMIBObjects | .1.3.6.1.4.1.9.9.693.1 | |
| cscaFilterMIBObjects | .1.3.6.1.4.1.9.9.693.1.1 | |
 cscaType | .1.3.6.1.4.1.9.9.693.1.1.1 | |
| cscaGlobalAttackType | .1.3.6.1.4.1.9.9.693.1.1.10 | |
| cscaGlobalAttackNotifsEnabled | .1.3.6.1.4.1.9.9.693.1.1.11 | |
| cscaSourceAddressType | .1.3.6.1.4.1.9.9.693.1.1.2 | |
| cscaSourceAddress | .1.3.6.1.4.1.9.9.693.1.1.3 | |
| cscaDestinationAddressType | .1.3.6.1.4.1.9.9.693.1.1.4 | |
| cscaDestinationAddress | .1.3.6.1.4.1.9.9.693.1.1.5 | |
| cscaAttackedPort | .1.3.6.1.4.1.9.9.693.1.1.6 | |
| cscaFilterStatus | .1.3.6.1.4.1.9.9.693.1.1.7 | |
| cscaNotifsEnabled | .1.3.6.1.4.1.9.9.693.1.1.8 | |
| cscaLastDiscontinuityTimeStamp | .1.3.6.1.4.1.9.9.693.1.1.9 | |
 cscaTypeTable | .1.3.6.1.4.1.9.9.693.1.2 | |
 cscaTypeEntry | .1.3.6.1.4.1.9.9.693.1.2.1 | |
 cscaTypeIndex | .1.3.6.1.4.1.9.9.693.1.2.1.1 | |
| cscaTypeCurrentNumAttacks | .1.3.6.1.4.1.9.9.693.1.2.1.2 | |
| cscaTypeTotalNumAttacks | .1.3.6.1.4.1.9.9.693.1.2.1.3 | |
| cscaTypeTotalNumFlows | .1.3.6.1.4.1.9.9.693.1.2.1.4 | |
| cscaTypeTotalNumSeconds | .1.3.6.1.4.1.9.9.693.1.2.1.5 | |
| cscaTypeOriginatedByNetworkSide | .1.3.6.1.4.1.9.9.693.1.2.1.6 | |
| cscaTypeProtocol | .1.3.6.1.4.1.9.9.693.1.2.1.7 | |
| cscaTypeIsPortSpecific | .1.3.6.1.4.1.9.9.693.1.2.1.8 | |
| cscaTypeIPsDetected | .1.3.6.1.4.1.9.9.693.1.2.1.9 | |
| cscaInfoTable | .1.3.6.1.4.1.9.9.693.1.3 | |
| cscaInfoEntry | .1.3.6.1.4.1.9.9.693.1.3.1 | |
| cscaInfoUpStreamAttackFilteringTime | .1.3.6.1.4.1.9.9.693.1.3.1.1 | |
| cscaInfoUpStreamLastAttackFilteringTime | .1.3.6.1.4.1.9.9.693.1.3.1.2 | |
| cscaInfoDownStreamAttackFilteringTime | .1.3.6.1.4.1.9.9.693.1.3.1.3 | |
| cscaInfoDownStreamLastAttackFilteringTime | .1.3.6.1.4.1.9.9.693.1.3.1.4 | |
| ciscoServiceControlAttackMIBConform | .1.3.6.1.4.1.9.9.693.2 | |
| cscaMIBCompliances | .1.3.6.1.4.1.9.9.693.2.1 | |
| cscaMIBGroups | .1.3.6.1.4.1.9.9.693.2.2 |
Notifications/Traps
| Name | OID | Description |
|---|---|---|
 cscaFilterChange | .1.3.6.1.4.1.9.9.693.0.1 | generates this notification to indicate that the cscaFilterStatus of the attack filter for cscaType has changed due to the reason determined by cscaDescription. The system limits the generation of this notifications for the same cscaType to a five-second interval. |
| cscaGlobalAttackFilterChange | .1.3.6.1.4.1.9.9.693.0.2 | cation is generated when a start or end of a global
attack is detected in the system.
Below fields are sent with the trap:
entPhysicalName indicates the name of the
originating physical entity.
cscaGlobalAttackType indicates the type of the global
attack.
cscaFilterStatus indicates whether the global attack is
started or ended ie. the attack filter status is activated or
deactivated.
cscaTypeOriginatedByNetworkSide indicates the origin/source
of the attack, whether it originated from network or subscriber
side. |