AT-DOS-MIB: View SNMP OID List / Download MIB

VENDOR: ALLIED TELESIS


 Home MIB: AT-DOS-MIB
Download as:   
AT-SMI-MIBSNMPv2-CONFSNMPv2-TCSNMPv2-SMI

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 dosDefense 1.3.6.1.4.1.207.8.4.4.4.143
The Denial of Service defense MIB for managing defenses against denial of service attacks.
         dosDefenseStatus 1.3.6.1.4.1.207.8.4.4.4.143.1 integer read-only
Whether or not the DoS defense module is currently enabled Enumeration: 'disabled': 2, 'enabled': 1.
         dosDefenseDebugMode 1.3.6.1.4.1.207.8.4.4.4.143.2 bits read-only
The debugging options enabled for DoS defense. Output goes to the asynchronous port or telnet session that enabled debugging. The bit 'None(0)' indicates that no debugging is enabled. The bit 'Attack(1)' indicates that information about the start and finish of attacks is displayed. The bit 'Packet(2)' indicates that a hexadecimal dump of the IP header of all suspect packets is displayed. The bit 'Diagnostics(3)' indicates that additional debugging and diagnostic messages may be displayed. Bits: 'none': 0, 'packet-diagnostics': 5, 'packet': 1, 'packet-attack': 3, 'attack-diagnostics': 6, 'attack': 2, 'diagnostics': 4, 'packet-attack-diagnostics': 7.
         dosDefenseNumDebugPackets 1.3.6.1.4.1.207.8.4.4.4.143.3 integer read-only
When packet debugging is enabled, this is the maximum number of packets that will be displayed before debugging is automatically disabled. A value of 0 means no limit (i.e. continuous). Enumeration: 'continuous': 0.
         dosDefenseTable 1.3.6.1.4.1.207.8.4.4.4.143.4 no-access
A table of configuration and status information for each defense configured on a port.
             dosDefenseEntry 1.3.6.1.4.1.207.8.4.4.4.143.4.1 no-access
The configuration and status of the defense against a single attack type on a single port.
                 dosDefensePort 1.3.6.1.4.1.207.8.4.4.4.143.4.1.1 integer read-only
The port index on which the defense is configured.
                 dosDefenseAttackType 1.3.6.1.4.1.207.8.4.4.4.143.4.1.2 integer read-only
The type of attack this defense protects against. Enumeration: 'pingOfDeath': 2, 'none': 7, 'land': 5, 'synFlood': 1, 'teardrop': 6, 'smurf': 3, 'ipOptions': 4.
                 dosDefenseDefenseStatus 1.3.6.1.4.1.207.8.4.4.4.143.4.1.3 integer read-only
Whether or not this attack is currently enabled on this port. Enumeration: 'disabled': 2, 'set': 3, 'enabled': 1.
                 dosDefenseThreshold 1.3.6.1.4.1.207.8.4.4.4.143.4.1.4 integer read-only
The threshold, in packets per second, at which an attack is deemed to be in progress. If dosDefenseAttackType is SYNFlood(1), a value of 0 means no threshold has been set and the default thresholds apply. An attack is suspected when the SYN:ACK ratio exceeds 2:1 above 20 packets per second, in any one-second interval. An attack is in progress when the SYN:ACK ratio exceeds 3:1 above 20 packets per second, in any one-second interval, or an attack is suspected more than once within a dosDefenseBlockTime interval. If dosDefenseAttackType is Smurf(3), a value of 0 means the filter will block all broadcast ICMP requests. A threshold greater than 0 will block after that number of ICMP requests are received in a 1 second interval.
                 dosDefenseBlockTime 1.3.6.1.4.1.207.8.4.4.4.143.4.1.5 integer read-only
The time, in seconds, that must elapse after the last malicious packet is seen, before an attack is deemed to have finished and the port stops blocking traffic. If dosDefenseAttackType is SYNFlood(1), it is also the maximum time an attack is suspected before it returns to a state of no attack.
                 dosDefenseMirroring 1.3.6.1.4.1.207.8.4.4.4.143.4.1.6 truthvalue read-only
Whether or not suspect traffic received by this port is copied to the pre-configured mirror port.
                 dosDefensePortType 1.3.6.1.4.1.207.8.4.4.4.143.4.1.7 integer read-only
If dosDefenseAttackType is Land(6), the type of port. For other values of dosDefenseAttackType, this object returns notapplicable(0). A device connected to a client(1) port should have an IP address in the local subnet, and be the original source or ultimate destination of packets transiting the network. Incoming packets should have a source address in the local subnet. Outgoing packets should have a destination address in the local subnet. A gateway(2) port is connected directly to a gateway device attached to external networks. Apart from a small number of packets from the gateway device itself, all packets arriving at the gateway port should be from other subnets. Incoming packets should have a source address not in the local subnet. Outgoing packets should have a destination address not in the local subnet. Enumeration: 'notApplicable': 0, 'client': 1, 'gateway': 2.
                 dosDefenseSubnetAddress 1.3.6.1.4.1.207.8.4.4.4.143.4.1.8 ipaddress read-only
If dosDefenseAttackType is Smurf(3), the subnet address is used to determine the local broadcast address. If dosDefenseAttackType is Land(6), the subnet address used to determine which addresses are local or remote. For other values of dosDefenseAttackType, this object returns 0.0.0.0.
                 dosDefenseSubnetMask 1.3.6.1.4.1.207.8.4.4.4.143.4.1.9 ipaddress read-only
If dosDefenseAttackType is Smurf(3), the subnet mask is used to determine the local broadcast address. If dosDefenseAttackType is Land(6), the subnet mask used to determine which addresses are local or remote. For other values of dosDefenseAttackType, this object returns 0.0.0.0.
                 dosDefenseAttackState 1.3.6.1.4.1.207.8.4.4.4.143.4.1.10 integer read-only
Whether or not an attack is currently in progress on the port. None(0) means no attack is in progress. If dosDefenseAttackType is SYNFlood(1), Suspected(1) means a SYN Flood attack is suspected. A threshold has not been set, and the default threshold of a SYN:ACK ratio of 2:1 above 20 packets per second has been reached. If dosDefenseAttackType is PingOfDeath(2), Teardrop(5) or Land(6), Suspected means that some suspect packets have been received but have not yet been analysed to determine if an attack exists. InProgress(2) means an attack is in progress. Enumeration: 'suspected': 1, 'none': 0, 'inProgress': 2.
                 dosDefenseAttackCount 1.3.6.1.4.1.207.8.4.4.4.143.4.1.11 counter32 read-only
The number of attacks (attacked seconds) detected on this port.
                 dosDefenseRemainingBlockTime 1.3.6.1.4.1.207.8.4.4.4.143.4.1.12 integer read-only
The time remaining
         dosDefenseTraps 1.3.6.1.4.1.207.8.4.4.4.143.5
             dosDefenseAttackStart 1.3.6.1.4.1.207.8.4.4.4.143.5.1
Triggered when an attack is detected on a port.
             dosDefenseAttackEnd 1.3.6.1.4.1.207.8.4.4.4.143.5.2
Triggered when an attack is finished on a port. This occurs after an attack packet has not been seen for a complete BlockTime period.