-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.

NETSCREEN-TRAP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    netscreenTrap, netscreenTrapInfo
        FROM NETSCREEN-SMI
    MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE
        FROM SNMPv2-SMI
    DisplayString
        FROM SNMPv2-TC
    ;

netscreenTrapMibModule MODULE-IDENTITY
    LAST-UPDATED  "200503032022Z" -- March 03, 2005
    ORGANIZATION
        "Juniper Networks, Inc."
    CONTACT-INFO
        "Customer Support

         1194 North Mathilda Avenue 
         Sunnyvale, California 94089-1206
         USA

         Tel: 1-800-638-8296
         E-mail: customerservice@juniper.net
         HTTP://www.juniper.net"
    DESCRIPTION
        "Added trap types 15, it is still in use"
    REVISION      "200803170000Z" -- Mar 17, 2008
    DESCRIPTION
        "Added 5 new trap types - 800-804. Removed 1000."
    REVISION      "200510170000Z" -- Oct 17, 2005
    DESCRIPTION
        "Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103), 
         ids-icmp-ping-id-zero(441)."
    REVISION      "200503030000Z" -- March 03, 2005
    DESCRIPTION
        "Trap MIB"
    REVISION      "200409100000Z" -- Sep 10, 2004
    DESCRIPTION
        "Removed nsTrapType 3, 15,18,19 and 1000"
    REVISION      "200405030000Z" -- May 03, 2004
    DESCRIPTION
        "Modified copyright and contact information"
    REVISION      "200403030000Z" -- March 03, 2004
    DESCRIPTION
        "Converted to SMIv2 by Longview Software"
    REVISION      "200401230000Z" -- January 23, 2004
    DESCRIPTION
        "Add new traps (430~434)"
    REVISION      "200109280000Z" -- September 28, 2001
    DESCRIPTION
        "Add global-report manager specific trap"
    REVISION      "200008020000Z" -- August 02, 2000
    DESCRIPTION
        "Creation Date"
    ::= { netscreenTrapInfo 0 }

netscreenTrapHw NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that some kind of hardware problem has
         occured."
    ::= { netscreenTrap 100 }

netscreenTrapFw NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that some kind of firewall functions has
         been triggered."
    ::= { netscreenTrap 200 }

netscreenTrapSw NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that some kind of software problem has
         occured."
    ::= { netscreenTrap 300 }

netscreenTrapTrf NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that some kind of traffic conditions has
         been triggered."
    ::= { netscreenTrap 400 }

netscreenTrapVpn NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that VPN tunnel status has occured."
    ::= { netscreenTrap 500 }

netscreenTrapNsrp NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that NSRP status has occured."
    ::= { netscreenTrap 600 }

netscreenTrapGPRO NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that some kind of Global PRO problems has
         occurred."
    ::= { netscreenTrap 700 }

netscreenTrapDrp NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that Drp status has occured."
    ::= { netscreenTrap 800 }

netscreenTrapIFFailover NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that interface fail over status has
         occured."
    ::= { netscreenTrap 900 }

netscreenTrapIDPAttack NOTIFICATION-TYPE
    OBJECTS
        { netscreenTrapType, netscreenTrapDesc }
    STATUS        current
    DESCRIPTION
        "This trap indicates that IDP attack status has occured."
    ::= { netscreenTrap 1000 }

netscreenTrapType OBJECT-TYPE
    SYNTAX        INTEGER {

	-- Traffic per-second threshold
	traffic-sec(1),
	-- Traffic per-minute threshold
	traffic-min(2),
	-- Multiple user auth fail alarm type
	multi-auth-fail(3),
        -- Winnuke pak
        winnuke(4),
        -- Syn attack
        syn-attack(5),
        -- tear-drop attack
        tear-drop(6),
        -- Ping of Death attack
        ping-death(7),
        -- IP spoofing attack
        ip-spoofing(8),
        -- IP source routing attack
        ip-src-route(9),
        -- land attack
        land(10),
        -- ICMP flooding attack
        icmp-flood(11),
        -- UDP flooding attack
        udp-flood(12),
        -- Illegal server IP to connect to CMS port
        illegal-cms-svr(13),
        -- URL blocking server connection alarm
        url-block-srv(14),
        -- high availability
        high-availability(15),
        -- Port Scan attack
        port-scan(16),
        -- address sweep attack
        addr-sweep(17),
        -- deny by policy attack
        deny-policy(18),
        -- device is dead
        device-dead(19)
        -- memory low
        low-memory(20),
        -- DNS server unreachable
        dns-srv-down(21),
        -- Fan, Power Supply failure
        generic-HW-fail(22),
        -- Load balance server unreachable
        lb-srv-down(23),
        -- log buffer overflow
        log-full(24),
        -- X509 related
        x509(25),
        -- VPN and IKE related
        vpn-ike(26),
        -- admin realted
        admin(27),
        -- Illegal src ip to connect to sme port
        sme(28),
        -- DHCP related
        dhcp(29),
        -- CPU usage is high
        cpu-usage-high(30),
        -- Interface IP conflict
        ip-conflict(31),
        -- Microsoft IIS server vulnerability
        attact-malicious-url(32),
        -- session threshold is exceeded
        session-threshold(33),
        -- SSH related alarms
        ssh-alarm(34),
        -- Audit storage related alarms
        audit-storage(35),
        -- memory normal
        memory-normal(36),
        -- cpu usage normal
        cpu-usage-normal(37)
        -- driver's rx bd shortage
        rxbd-low-alarm(39),
        -- VPN tunnel from down to up
        vpn-tunnel-up(40),
        -- VPN tunnel from up to down
        vpn-tunnel-down(41),
        -- VPN replay detected
        vpn-replay-attack(42),
        -- VPN tunnel removed
        vpn-l2tp-tunnel-remove(43),    
        -- VPN tunnel removed and error detected 
        vpn-l2tp-tunnel-remove-err(44), 
        -- VPN call removed
        vpn-l2tp-call-remove(45), 
        -- VPN call removed and error detected
        vpn-l2tp-call-remove-err(46),   
        -- Number of IAS exceeds configured maximum
   		vpn-ias-too-many(47),
        -- Number of IAS crossed configured upper threshold
		vpn-ias-over-threshold(48),	
        -- Number of IAS crossed configured lower threshold
		vpn-ias-under-threshold(49),	
        -- IKE error occured for the IAS session
		vpn-ias-ike-error(50),	
        -- allocated session exceed threshold
        allocated-session-threshold(51),
        -- av-csp related alarm
        av-csp-alarm(52),
        -- av related alarm
        av-alarm(53),
        -- apppry related alarm
        apppry-alarm(54),
        -- NSRP rto self unit status change from up to down
        nsrp-rto-up(60),
        -- NSRP rto self unit status change from down to up
        nsrp-rto-down(61),
        -- NSRP track ip successed
        nsrp-trackip-success(62),
        -- NSRP track ip failed
        nsrp-trackip-failed(63),
        -- NSRP track ip fail over
        nsrp-trackip-failover(64),
        -- NSRP inconsistent configuration between master and backup
        nsrp-inconsistent-configuration(65),
        -- track ip status related alarm
        trackip-status(66),
        -- NSRP vsd group status change to elect
        nsrp-vsd-init(70),
        -- NSRP vsd group status change to master
        nsrp-vsd-master(71),
        -- NSRP vsd group status change to primary backup
        nsrp-vsd-pbackup(72),
        -- NSRP vsd group status change to backup
        nsrp-vsd-backup(73),
        -- NSRP vsd group status change to ineligible
        nsrp-vsd-ineligible(74),
        -- NSRP VSD group status change to inoperable
        nsrp-vsd-inoperable(75),
        -- NSRP VSD request heartbeat from 2nd HA path
        nsrp-vsd-req-hearbeat-2nd(76),
        -- NSRP VSD reply to 2nd path request
        nsrp-vsd-reply-2nd(77),
        -- NSRP duplicated RTO group found
        nsrp-rto-duplicated(78),
        -- NSRP duplicated VSD group master
        ip-dup-master(79),
        -- MEM cannot find usable memory for current pool
        di-heap-create-fail(80),
        -- MEM cannot find usable in any pool
        mem-alloc-fail(81),
        -- VRRP status related alarm
        vrrp-status-alarm(82),
        -- SCCP related alarm
        sccp-alarm(83),
        -- MGCP related alarm
        mgcp-reinit(84),
        -- MLFR related alarm
        mlfr-alarm(85),
        -- FR related alarm
        fr-alarm(86),
        -- CISCO HDLC related alarm
        cisco-hdlc-alarm(87),
        -- PPPOW related alarm
        pppow-alarm(88),
        -- H323 related alarm
        h323-alarm(89),
        -- ISDN related alarm
        isdn-alarm(90),
  		-- interface backup 
		interface-backup(91), 
  		-- Card function is abnormal 
		wan-card-function(92), 
  		-- A USB key is plug/unplug from USB port 
		usb-device-operation(93), 
  		-- interface failure 
		interface-failure(94), 
        -- No ppp IP pool configured 
        ppp-no-ip-cfg(95),   
        -- IP pool exhausted. No ip to assign
        ppp-no-ip-in-pool(96), 
        -- Any change to interface IP address can use the type 
       	ip-addr-event(101),			
        -- DIP utilization reaches raised threshold limit
		dip-util-raise(102),		
        -- DIP utilization reaches clear threshold limit
		dip-util-clear(103),	
        -- DOT1X related alarm
        dot1x-alarm(105),
        -- VPN IAS radius error
        vpn-ias-radius-error(110),
        -- VPN IKEID enum attack
        vpn-ikeid-enum-attack(111),
        -- VPN soft limit reached
        vpn-softlimit-reached(112),
        -- VPN IKE dos attack
        vpn-ikedos-attack(113),
        -- VPN acvpn profile error
        vpn-acvpn-profile-error(114),
	-- exceed maximum routing entry allowed for the system 
	route-sys-entry-ex(200),
	-- exceed maximum routing entry allowed for a vr
	route-vr-entry-ex(201),
	-- exceed the hello packet threshold per hello interval 
	route-ospf-hello-flood(202),
	-- exceed the lsa packet threshold per lsa threshold 
	route-ospf-lsa-flood(203),
	-- exceed the update4 packet threshold per update time in rip
	route-rip-update-flood(204),
	-- Errors in route module (exceed limit, malloc failure, add-perfix failure etc) 
	route-alarm(205),
	-- LSA/Hello packets flood in OSPF, route redistribution exceed limit, 
	ospf-flood(206),
	-- Update packet floods in RIP 
	rip-flood(207),
	-- Peer forms adjacency completely
	bgp-established(208),
	-- Peer's adjacency is torn down, goes to Idle state
	bgp-backwardtransition(209),
	-- change in virtual link's state (down, point-to-point etc)
	ospf-virtifstatechange(210),
	-- change in neighbor's state on regular interface (down, 2way, full etc)
	ospf-nbrstatechange(211),
	-- change in neighbor's state on virtual link (down, full etc)
	ospf-virtnbrstatechange(212),
	-- authentication mismatch/area mismatch etc on regular interface
	ospf-ifconfigerror(213),
	-- authentication mismatch/area mismatch etc on virtual link
	ospf-virtifconfigerror(214),
	-- Authentication eror on regular interface
	ospf-ifauthfailure(215),
	-- Authentication eror on virtual link
	ospf-virtifauthfailure(216),
	-- lsa received with invalid lsa-type on regular interface
	ospf-ifrxbadpacket(217),
	-- lsa received with invalid lsa-type on virtual link
	ospf-virtifrxbadpacket(218),
	-- retransmission to neighbor on regular interface
	ospf-txretransmit(219),
	-- retransmission to neighbor on virtual link
	ospf-virtiftxretransmit(220),
	-- new LSA generated by local router
	ospf-originatelsa(221),
	-- LSA aged out
	ospf-maxagelsa(222),
	-- when total LSAs in database exceed predefined limit
	ospf-lsdboverflow(223),
	-- when total LSAs in database approach predefined limit
	ospf-lsdbapproachingoverflow(224),
	-- change in regular interface state (up/down, dr/bdr etc)
	ospf-ifstatechange(225),
	-- BGP related alarm  
	bgp-alarm(226),
	-- packet floods in RIPng 
	ripng-flood(227),
	-- exceed the update4 packet threshold per update time in ripng
	route-ripng-update-flood(228),
	-- PBR related alarm  
	pbr-alarm(229),
	-- NHRP related alarm  
	nhrp-alarm(230),
	-- OSPFV3 related alarm  
	ospfv3-alarm(231),
        -- block java/active-x component
        ids-component(400),
        -- icmp flood attack
        ids-icmp-flood(401),
        -- udp flood attack
        ids-udp-flood(402),
        -- winnuke attack
        ids-winnuke(403),
        -- port scan attack
        ids-port-scan(404),
        -- address sweep attack
        ids-addr-sweep(405),
        -- tear drop attack
        ids-tear-drop(406),
        -- syn flood attack
        ids-syn(407),
        -- ip spoofing attack
        ids-ip-spoofing(408),
        -- ping of death attack
        ids-ping-death(409),
        -- filter ip packet with source route option
        ids-ip-source-route(410),
        -- land attack
        ids-land(411),
        -- screen syn fragment attack
        syn-frag-attack(412),
        -- screen tcp packet without flag attack
        tcp-without-flag(413),
        -- screen unknown ip packet
        unknow-ip-packet(414),
        -- screen bad ip option
        bad-ip-option(415),
        -- screen ip option record
        ip-option-record(416),
        -- screen ip option timestamp 
        ip-option-timestamp(417),
        -- screen ip option scht
        ip-option-scht(418),
        -- screen ip option lsr
        ip-option-lsr(419),
        -- screen ip option ssr
        ip-option-ssr(420),
        -- screen ip option stream
        ip-option-stream(421),
        -- screen icmp fragment packet
        icmp-fragment(422),
        -- screen too large icmp packet
        too-large-icmp(423),
        -- screen tcp flag syn-fin set
        tcp-syn-fin(424),
        -- screen tcp fin without ack
        tcp-fin-no-ack(425),
        -- screen mal url
        tcp-mal-url(426),
        -- screen sess mal num
        tcp-sess-mal-num(427),
        -- avoid replying to syns after excessive 3 way TCP handshakes from
        -- same src ip but not proceeding with user auth. (not replying to
        -- username/password)..
        ids-tcp-syn-ack-ack(428),
        -- ip fragment
        ids-ip-block-frag(429),
        -- Dst IP-based session limiting
        dst-ip-session-limit(430),
        -- HTTP component blocking for .zip files
        ids-block-zip(431),
        -- HTTP component blocking for Java applets
        ids-block-jar(432),
        -- HTTP component blocking for .exe files
        ids-block-exe(433),
        -- HTTP component blocking for ActiveX controls
        ids-block-activex(434),
        -- screenos tcp syn mac
        tcp-syn-mac(435),
        -- screenos nac attack
        ids-nac-attack(436),
        -- icmp ping id 0
        ids-icmp-ping-id-zero(441),
        -- tcp sweep
        tcp-sweep(442),
        -- udp sweep
        udp-sweep(443),
		-- AV Scan Manager Alarm, sofeware trap 
		av-scan-mgr(554), 
        -- starting value for multicast alarm
        mcast-base(600),
        -- mcore related alarm
        mcore-alarm(601),
        -- spim related alarm
        spim-alarm(602),
        -- starting value for Security Module alarm
        sm-base(700),
        -- Security Module down detected
        sm-down(701),
        -- Security Module packet droped detected
        sm-packet-drop(702),
        -- Security Module memory, CPU and session detected
        sm-overload(703),
        -- Security Module CPU unresponsive detected
        sm-cpu-unresponsive(704),
        -- Security Module Engine unresponisve
        sm-cpu-unresponsive(705),
        -- Secruity Module Policy Abnormal
        sm-policy-abnormal(706),
        -- switch alarm
        switch(751),
        -- sfp alarm
        sfp(752), 
        --Shared to fair transition forced
        cpu-limit-s2f-forced(800),   
        --Shared to fair transition auto
        cpu-limit-s2f-auto(801),     
        --Fair to shared transition forced
        cpu-limit-f2s-forced(802),   
        --Fair to shared transition because of timeout
        cpu-limit-f2s-timeout(803),  
        --Fair to shared transition auto 
        cpu-limit-f2s-auto(804),      
        --Flow potential violation
        sec-potential-voilation(805),  
        --Flow session cache alarm 
        flow-sess-cache(806),      
        --vsys session limit alarm 
        vsys-session-limit(850)      
    }
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION
        "The integer value of the raised alarm type. Note that the type
         should be interpreted within a specific trap"
    ::= { netscreenTrapInfo 1 }

netscreenTrapDesc OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(0..255))
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION
        "The textual description of the alarm"
    ::= { netscreenTrapInfo 3 }

END


