CISCO-SERVICE-CONTROL-ATTACK-MIB Download
This MIB provides data related to different types of
attacks detected by a service control entity.
A service control entity is a network device which monitors and
controls traffic. The service control entity is used as a
platform for different service control applications which may
perform monitoring operations beyond packet counting and delve
deeper into the contents of network traffic. It provides
programmable stateful inspection of bidirectional
traffic flows and maps these flows with user/subscriber
ownership.
An attack is a malicious network activity with certain traffic
characteristics and which is targeted on a certain network
entity. An attack can be identified by its type, direction,
source address, destination address and ports.
Once an attack is detected, an attack filter is activated based
on the type of the attack and corresponding actions are taken
in
the monitored network - this is referred to as attack start.
For example the attack filter can drop the attacking traffic.
When the attack detector identifies that the attack
characteristics are no longer exist, it ends the mitigation
action - what is referred to as attack end. The attack
mitigation action is also referred to as attack filtering in
this MIB.
The time duration of attack filtering between attack start to
attack end along with the direction (upstream, downstream) is
also maintained by the service control entity. Attack
filtering
can be applied from the subscriber side to the network side, in
the upstream direction. The downstream attack filtering is
done
from the network side to the subscriber side.
This MIB also defines notifications generated by the service
control entity when an attack is detected on a monitored
network.
IPHost Network Monitor offer an easy way of SNMP monitoring your Cisco Servers, Routers, Switches, Bridges,
Firewalls, Repeaters.
OID list for CISCO-SERVICE-CONTROL-ATTACK-MIB
- cscaTypeTable
- This table lists the aggregated statistics for each detected attack in a network controlled by a service control entity.
- cscaTypeEntry
- This entry contains information for an attack detected by the service control entity. The service control entity can report a number of attack types, the cscaTypeTable is created during the initialization of the service control entity and is valid while t ...
- cscaTypeIndex
- This object uniquely identifies the attack type.
- cscaTypeCurrentNumAttacks
- This object indicates the current number of ongoing attacks of this type, that the service control entity has detected in the network.
- cscaTypeTotalNumAttacks
- This object indicates the total number of attacks of this type since the last discontinuity.
- cscaTypeTotalNumFlows
- This object indicates the total number of IP flows on which this type of attack has been detected, since the last discontinuity.
- cscaTypeTotalNumSeconds
- This object indicates the accumulated duration in seconds belonging to this attack type, since the last discontinuity.
- cscaTypeOriginatedByNetworkSide
- This object indicates whether this attack type is originated from the Network side or from the Subscriber side.
- cscaTypeProtocol
- This enumerated object indicates the protocol type for this type of attack (TCP/UDP/ICMP/etc). The values for this object are: (1) TCP (2) UDP (3) ICMP (4) Other
- cscaTypeIsPortSpecific
- This object indicates whether the attack type is port-specific or not.
- cscaTypeIPsDetected
- This object indicates which IPs are detected in this type of attack. The enumerated values are: (1) Originating Side IP is detected. (2) Attacked Side IP is detected. (3) Both side IPs are detected.
- cscaInfoTable
- This table lists information for attack mitigation, also referred to as attack filtering, done by a service control entity in the monitored network.
- cscaInfoEntry
- This entry contains information about attack mitigation done by a physical service control entity, for attacks which it has detected.
- cscaInfoUpStreamAttackFilteringTime
- This object indicates the cumulative time during which attacks in the up-stream direction were filtered.
- cscaInfoUpStreamLastAttackFilteringTime
- This object indicates the time since the previous attack in the upstream direction has ended. Attack end is reached when the service control entity attack detector identifies that the attack characteristics (like high flow rate) no longer exist, and the ...
- cscaInfoDownStreamAttackFilteringTime
- This object indicates the cumulative time during which attacks in the down-stream direction were filtered.
- cscaInfoDownStreamLastAttackFilteringTime
- This object indicates the time since the previous attack in the downstream direction has ended. Attack end is reached when the service control entity attack detector identifies that the attack characteristics (like high flow rate) no longer exist, and th ...
- cscaType
- This object indicates the type of an attack detected and reported by the service control entity. There are numerous attack types, based on the service control entity's definition. The service control entity monitors and mitigates a predefined set of atta ...
- cscaSourceAddressType
- This object indicates the address type for cscaSourceAddress.
- cscaSourceAddress
- This object indicates the network address that is the source end point of this attack.
- cscaDestinationAddressType
- This object indicates the address type for cscaDestinationAddress.
- cscaDestinationAddress
- This object indicates the network address that is the destination end point of this attack.
- cscaAttackedPort
- This object indicates the port on which this attack occurs, if relevant for this type of attack.
- cscaFilterStatus
- This object indicates the status of the filter for this attack. The values for this object are '1' (activated) and '2' (de-activated).
- cscaNotifsEnabled
- This object specifies whether the system generates the cscaFilterChange notification.
- cscaLastDiscontinuityTimeStamp
- This object indicates the value of sysUpTime when the last discontinuity occurred.
- cscaMIBAttackTypeObjectGroup
- A collection of objects which provides attack information.
- cscaMIBAttackInfoObjectGroup
- A collection of objects which provides attack filtering times for upstream and down stream attacks.
- cscaFilterObjectGroup
- A collection of objects which define each attack filter and its status.
- cscaMIBNotifControlGroup
- A collection of object(s) to control the enable/disable state of notification generation.
Download IPHost Network Monitor (500 monitors for 30 days, 50 monitors free forever) to start monitoring network devices right now.
