dosDefenseAttackState
AT-DOS-MIB ·
.1.3.6.1.4.1.207.8.4.4.4.143.4.1.10
Object
column
Enumeration
Whether or not an attack is currently in progress on the
port.
None(0) means no attack is in progress.
If dosDefenseAttackType is SYNFlood(1), Suspected(1)
means a SYN Flood attack is suspected. A threshold has
not been set, and the default threshold of a SYN:ACK
ratio of 2:1 above 20 packets per second has been
reached.
If dosDefenseAttackType is PingOfDeath(2), Teardrop(5)
or Land(6), Suspected means that some suspect packets
have been received but have not yet been analysed to
determine if an attack exists.
InProgress(2) means an attack is in progress.
Context
- MIB
- AT-DOS-MIB
- OID
.1.3.6.1.4.1.207.8.4.4.4.143.4.1.10- Type
- column
- Access
- readonly
- Status
- current
- Parent
- dosDefenseEntry
- Table
- dosDefenseTable
- Siblings
- 11
Syntax
Enumeration
Values & Constraints
Enumerated Values
0 | none |
1 | suspected |
2 | inProgress |
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| dosDefensePort The port index on which the defense is configured. | column | Integer32 | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.1 |
| dosDefenseAttackCount The number of attacks (attacked seconds) detected
on this port. | column | SNMPv2-SMICounter32 | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.11 |
| dosDefenseRemainingBlockTime The time remaining | column | seconds Integer32 | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.12 |
| dosDefenseAttackType The type of attack this defense protects against. | column | Enumeration | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.2 |
| dosDefenseDefenseStatus Whether or not this attack is currently enabled
on this port. | column | Enumeration | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.3 |
| dosDefenseThreshold The threshold, in packets per second, at which an
attack is deemed to be in progress.
If dosDefenseAttackType is SYNFlood(1), a value of 0 means
no threshold has be… | column | Integer32 | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.4 |
| dosDefenseBlockTime The time, in seconds, that must elapse after the last
malicious packet is seen, before an attack is deemed
to have finished and the port stops blocking traffic.
If… | column | seconds Integer32 | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.5 |
| dosDefenseMirroring Whether or not suspect traffic received by this port
is copied to the pre-configured mirror port. | column | SNMPv2-TCTruthValue | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.6 |
| dosDefensePortType If dosDefenseAttackType is Land(6), the type of port.
For other values of dosDefenseAttackType, this object
returns notapplicable(0).
A device connected to a client… | column | Enumeration | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.7 |
| dosDefenseSubnetAddress If dosDefenseAttackType is Smurf(3), the subnet address
is used to determine the local broadcast address.
If dosDefenseAttackType is Land(6), the subnet address
use… | column | SNMPv2-SMIIpAddress | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.8 |
| dosDefenseSubnetMask If dosDefenseAttackType is Smurf(3), the subnet mask
is used to determine the local broadcast address.
If dosDefenseAttackType is Land(6), the subnet mask
used to d… | column | SNMPv2-SMIIpAddress | .1.3.6.1.4.1.207.8.4.4.4.143.4.1.9 |