1-- ============================================================================= 2-- Copyright (c) 2004-2012 New H3C Tech. Co., Ltd. All rights reserved. 3-- 4-- Description: 5-- The file defines a MIB to provide wireless detection service feature. 6-- Reference: 7-- Version: V1.7 8-- History: 9-- V1.0 created by shiyang (Richard) 10-- Initial version 2006-08-20 11-- V1.1 2007-05-16 modified by shiyang (Richard) 12-- Add new objects of hh3cDot11UnauthorSSIDName and hh3cDot11WIDSAPID. 13-- V1.2 2007-06-19 modified by Deepthi 14-- Changed the hh3cDot11RogueAPVendorOUI to hh3cDot11RogueAPVendorName, 15-- Type : OCTET STRING and the Size list: 1: 3 should be removed. 16-- Changed the hh3cDot11RogueStaVendorOUI to hh3cDot11RogueStaVendorName, 17-- Type : OCTET STRING and the Size list: 1: 3 should be removed. 18-- Changed the field hh3cDot11DetectMaxAPSigStrength in 19-- hh3cDot11WIDSRogueAPExtTable to hh3cDot11DetectCurAPSigStrength to 20-- hh3cDot11DetectCurAPSigStrength 21-- Changed the field hh3cDot11DetectMaxStaSigStrength 22-- Hh3cDot11WIDSRogueStaExtEntry in hh3cDot11WIDSRogueStaExtTable to 23-- hh3cDot11DetectCurStaSigStrength 24-- Add new node hh3cDot11WIDSPermitVendorName in 25-- hh3cDot11WIDSPermitVendorEntry 26-- Remove the field Country Spec(2), ChannelSpec(3) in 27-- hh3cDot11WIDSGlobalConfigGroup in hh3cDot11WIDSScanMode. 28-- Obsolete the node hh3cDot11WIDSScanChannelList in 29-- hh3cDot11WIDSGlobalConfigGroup 30-- Add the node hh3cDot11WIDSScanType to hh3cDot11WIDSGlobalConfigGroup 31-- V1.3 2008-07-25 modified by heziqi 32-- Add new node hh3cDot11CntMsrEnable, hh3cDot11CntMsrMode, 33-- hh3cDot11DevAgingTime, hh3cDot11DynBlkListEnable, 34-- hh3cDot11DynBlkListLifeTime, hh3cDot11FloodAtkDctEnable, 35-- hh3cDot11SpoofAtkDctEnable, hh3cDot11WeakIVAtkDctEnable, 36-- hh3cDot11ResetWIDSRogueHistory, hh3cDot11ResetWIDSHistroy, 37-- hh3cDot11ResetWIDSStatistics, hh3cDot11ResetAllDynBlkList, 38-- hh3cDot11ResetAllStcBlkList, hh3cDot11ResetAllWhtBlkList, 39-- hh3cDot11ResetAllDctRogueAP, hh3cDot11ResetAllDctRogueSta, 40-- hh3cDot11ResetAllDctAdhoc, hh3cDot11ResetAllDctDevice, 41-- hh3cDot11ResetAllDctSSID in hh3cDot11WIDSGlobalConfigGroup. 42-- Add new node hh3cDot11PermitSSIDDetected 43-- in hh3cDot11WIDSPermitSSIDTable. 44-- Add new node hh3cDot11IgnoreMACDetected, hh3cDot11IgnoreDevType 45-- in hh3cDot11WIDSIgnoreListTable. 46-- Add new table hh3cDot11StaticWhiteListTable, 47-- hh3cDot11StaticBlackListTable, hh3cDot11WIDSRogueAPTable, 48-- hh3cDot11WIDSRogueStaTable, hh3cDot11WIDSDetectedDevTable, 49-- hh3cDot11WIDSRptAPTable, hh3cDot11DynBlackListTable, 50-- hh3cDot11WIDSRogueHistoryTable, hh3cDot11WIDSAtkHistroyTable 51-- in hh3cDot11WIDSDetectGroup. 52-- Add hh3cDot11WIDSAtkStatis in hh3cDot11WIDSDetectGroup. 53-- Add notification hh3cDot11WIDSDetectAttack and 54-- hh3cDot11WIDSDetectWBridge. 55-- V1.4 2009-05-07 modified by Li Yugang, Wang Shaojie, Sun Shuai 56-- Add hh3cDot11WidsFloodInterval, hh3cDot11WidsBlackListThreshold, 57-- hh3cDot11SSIDFilterOnOff, hh3cDot11BSSIDFilterOnOff to 58-- hh3cDot11WIDSGlobalConfigGroup. 59-- Add hh3cDot11WIDSPermitBSSIDTable to hh3cDot11WIDSConfigGroup. 60-- Add hh3cDot11WIDSFloodTrap, hh3cDot11WIDSSpoofTrap, 61-- hh3cDot11WIDSWeakIVTrap to hh3cDot11WIDSTraps. 62-- Add hh3cDot11MonitorAPID,hh3cDot11MonitorApRadioID, 63-- hh3cDot11WIDSAtkMac, hh3cDot11WIDSAtkFrameType 64-- to hh3cDot11WIDSTrapVarObjects. 65-- V1.5 2009-07-29 modified by heziqi 66-- Add new node hh3cDot11WIDSDevSnr for hh3cDot11WIDSDetectedDevTable. 67-- V1.6 2010-01-07 modified by Wang Shaojie 68-- Add new node hh3cDot11RogueAPFirstDetectTmStr, 69-- hh3cDot11RogueAPLastDetectTmStr to hh3cDot11WIDSRogueAPTable 70-- Add new node hh3cDot11RogueStaFirstDetectTmStr, 71-- hh3cDot11RogueStaLastDetectTmStr to hh3cDot11WIDSRogueStaTable 72-- Add hh3cDot11WIDSAtkChannel, hh3cDot11WIDSAtkTime, 73-- hh3cDot11WIDSAtkDestMac to hh3cDot11WIDSTrapVarObjects. 74-- 2010-03-18 Modified by Deng Gaoliang 75-- Add hh3cDot11BlackListTable 76-- 2010-05-31 Modified by LiuChen 77-- Add new node hh3cDot11DynBlackListTimeTicks to 78-- hh3cDot11DynBlackListTable. 79-- Add new node hh3cDot11BlackListTimeTicks to 80-- hh3cDot11BlackListTable. 81-- V1.7 2011-10-28 modified by jiaolibin 82-- Add hh3cDot11WIDSFirstTrapTime to hh3cDot11WIDSTrapVarObjects and 83-- varialbe bingings hh3cDot11WIDSFirstTrapTime for hh3cDot11WIDSFloodTrap, 84-- hh3cDot11WIDSSpoofTrap,hh3cDot11WIDSWeakIVTrap. 85-- ============================================================================= 86HH3C-DOT11-WIDS-MIB DEFINITIONS ::= BEGIN 87 88IMPORTS 89 TruthValue, 90 MacAddress, 91 RowStatus, 92 DateAndTime, 93 TEXTUAL-CONVENTION 94 FROM SNMPv2-TC 95 MODULE-IDENTITY, 96 OBJECT-TYPE, 97 NOTIFICATION-TYPE, 98 Integer32, 99 Unsigned32, 100 TimeTicks 101 FROM SNMPv2-SMI 102 hh3cDot11, 103 Hh3cDot11SSIDStringType, 104 Hh3cDot11ChannelScopeType, 105 Hh3cDot11RadioScopeType, 106 Hh3cDot11ObjectIDType, 107 Hh3cDot11RadioType 108 FROM HH3C-DOT11-REF-MIB; 109 110hh3cDot11WIDS MODULE-IDENTITY 111 LAST-UPDATED "201005311800Z" -- May 31, 2010 at 18:00 GMT 112 ORGANIZATION 113 "New H3C Technologies Co., Ltd." 114 CONTACT-INFO 115 "Platform Team New H3C Technologies Co., Ltd. 116 Hai-Dian District Beijing P.R. China 117 http://www.h3c.com 118 Zip: 100085" 119 DESCRIPTION 120 "This MIB provides information about WIDS feature. 121 122 GLOSSARY 123 124 Wireless Intrusion Detection Sensor (WIDS) 125 WIDS is designed to be employed in an area that is serviced 126 by an existing wireless network. 127 It aids in the early detection of malicious outsider attacks 128 and intrusions via wireless networks. 129 130 Rogue AP 131 A rogue access point is any Wi-Fi access point connected to 132 the network without authorization. 133 As it is not authorized, if there is any weakness in 134 the AP, the hacker will have chance to compromise the 135 network. 136 137 Rogue Station 138 It is similiar to Rogue AP, while it is a station. 139 140 Monitor AP 141 An AP will scan or listen to the air, and try to detect 142 wireless attack in the network. 143 Some AP products will work only in monitor role, while some 144 AP products could switch between normal AP role (only 145 provide wireless access service)and monitor AP role. 146 147 Ad Hoc Mode 148 Station could work under Ad hoc mode, then they 149 could directly do peer-to-peer communication without 150 other device support." 151 152 REVISION "201005311800Z" -- May 31, 2010 at 18:00 GMT 153 DESCRIPTION 154 "Modified to add new nodes." 155 REVISION "200907291800Z" -- Jul 29, 2009 at 18:00 GMT 156 DESCRIPTION 157 "Modified to add new nodes." 158 REVISION "200905072000Z" -- May 7, 2009 at 20:00 GMT 159 DESCRIPTION 160 "Add new nodes and table to support new featrues of WIDS." 161 REVISION "200807251900Z" -- July 23, 2008 at 19:00 GMT 162 DESCRIPTION 163 "Add new nodes to support new featrues of WIDS." 164 REVISION "200706191900Z" -- June 19, 2007 at 19:00 GMT 165 DESCRIPTION 166 "To fix bugs in the MIB file." 167 REVISION "200705161900Z" -- May 16, 2007 at 19:00 GMT 168 DESCRIPTION 169 "To fix bugs in the MIB file." 170 REVISION "200608201900Z" -- August 20, 2006 at 19:00 GMT 171 DESCRIPTION 172 "The initial revision of this MIB module." 173 ::= { hh3cDot11 5 } 174 175-- ================================================================== 176-- Textual Conventions 177-- ================================================================== 178 179Hh3cDot11WIDSDevType ::= TEXTUAL-CONVENTION 180 STATUS current 181 DESCRIPTION 182 "The type of device detected." 183 SYNTAX INTEGER 184 { 185 client(1), 186 ap(2), 187 adhoc(3), 188 wirelessBridge(4), 189 unknown(5) 190 } 191 192Hh3cDot11WIDSDevPermitType ::= TEXTUAL-CONVENTION 193 STATUS current 194 DESCRIPTION 195 "Represents whether the detected device is permitted or a rogue." 196 SYNTAX INTEGER 197 { 198 permit(1), 199 rogue(2) 200 } 201 202Hh3cDot11WIDSAtkType ::= TEXTUAL-CONVENTION 203 STATUS current 204 DESCRIPTION 205 "The type of attack. 206 This object has following defined values: 207 'act': Action Frame 208 'asr': Association Request 209 'aur': Authentication Request 210 'daf': Deauthentication Frame 211 'dar': Disassociation Request 212 'ndf': Null Data Frame 213 'pbr': Probe Request 214 'rar': Reassociation Request 215 'saf': Spoofed Disassociation Frame 216 'sdf': Spoofed Deauthentication Frame 217 'wiv': Weak IV Detected" 218 SYNTAX INTEGER 219 { 220 act(1), 221 asr(2), 222 aur(3), 223 daf(4), 224 dar(5), 225 ndf(6), 226 pbr(7), 227 rar(8), 228 saf(9), 229 sdf(10), 230 wiv(11), 231 unknown(12) 232 } 233 234 235-- ***************************************************************************** 236-- * Major sections 237-- ***************************************************************************** 238-- WIDS Configuration Group 239-- DEFINED AS "The group to provide the configuration information 240-- for WIDS." 241hh3cDot11WIDSConfigGroup OBJECT IDENTIFIER ::= { hh3cDot11WIDS 1 } 242-- The Configuration Group has the following children: 243hh3cDot11WIDSGlobalConfigGroup OBJECT IDENTIFIER 244 ::= { hh3cDot11WIDSConfigGroup 1 } 245-- hh3cDot11WIDSPermitVendorTable ::= { hh3cDot11WIDSConfigGroup 2 } 246-- hh3cDot11WIDSPermitSSIDTable ::= { hh3cDot11WIDSConfigGroup 3 } 247-- hh3cDot11WIDSIgnoreListTable ::= { hh3cDot11WIDSConfigGroup 4 } 248-- hh3cDot11WIDSAttackListTable ::= { hh3cDot11WIDSConfigGroup 5 } 249 250-- WIDS detection Group 251-- DEFINED AS "The group to provide the detection information 252-- for WIDS." 253hh3cDot11WIDSDetectGroup OBJECT IDENTIFIER ::= { hh3cDot11WIDS 2 } 254-- The detection Group has the following children: 255-- hh3cDot11WIDSRogueAPTable ::= { hh3cDot11WIDSDetectGroup 1 } 256-- hh3cDot11WIDSRogueAPExtTable ::= { hh3cDot11WIDSDetectGroup 2 } 257-- hh3cDot11WIDSRogueStaTable ::= { hh3cDot11WIDSDetectGroup 3 } 258-- hh3cDot11WIDSRogueStaExtTable ::= { hh3cDot11WIDSDetectGroup 4 } 259 260-- WIDS Notification 261-- DEFINED AS "The notification for WIDS feature." 262hh3cDot11WIDSNotifyGroup OBJECT IDENTIFIER ::= { hh3cDot11WIDS 3 } 263 264-- ***************************************************************************** 265-- * hh3cDot11WIDSGlobalConfigGroup Definition 266-- ***************************************************************************** 267hh3cDot11WIDSScanMode OBJECT-TYPE 268 SYNTAX INTEGER 269 { 270 all(1), 271 auto(2) 272 } 273 MAX-ACCESS read-write 274 STATUS current 275 DESCRIPTION 276 "Represents the scope of channels to be scanned. 277 The following value are supported 278 all(1) - Do scan on all the channels. 279 auto(2) - Do scan for the channels that automatically 280 selected by WIDS." 281 DEFVAL { auto } 282 ::= { hh3cDot11WIDSGlobalConfigGroup 1 } 283 284hh3cDot11WIDSScanChannelList OBJECT-TYPE 285 SYNTAX OCTET STRING(SIZE(0..128)) 286 MAX-ACCESS read-write 287 STATUS obsolete 288 DESCRIPTION 289 "Represents the channel scope to be scanned when 290 hh3cDot11WIDSScanMode is configurated as channelSpec mode. 291 Each channel value will be separated by comma character." 292 ::= { hh3cDot11WIDSGlobalConfigGroup 2 } 293 294hh3cDot11CntMsrMode OBJECT-TYPE 295 SYNTAX BITS 296 { 297 rogue(0), 298 adhoc(1), 299 config(2) 300 } 301 MAX-ACCESS read-write 302 STATUS current 303 DESCRIPTION 304 "Represents the countermeasures mode." 305 ::= { hh3cDot11WIDSGlobalConfigGroup 3 } 306 307hh3cDot11DevAgingTime OBJECT-TYPE 308 SYNTAX Integer32(300..1800) 309 UNITS "second" 310 MAX-ACCESS read-write 311 STATUS current 312 DESCRIPTION 313 "Represents the age time for entries in the detected device table. 314 If an entry is not detected within the interval, it is deleted from 315 the detected device table. If the deleted entry is that of a rogue, it 316 is added into the rogue history table." 317 ::= { hh3cDot11WIDSGlobalConfigGroup 4 } 318 319hh3cDot11DynBlkListEnable OBJECT-TYPE 320 SYNTAX TruthValue 321 MAX-ACCESS read-write 322 STATUS current 323 DESCRIPTION 324 "Represents whether the dynamic blacklist feature is enabled or not. 325 'true' : Enable the dynamic blacklist feature to filter out unwanted 326 clients, which will not get associated. 327 'false' : Disable the dynamic blacklist feature." 328 ::= { hh3cDot11WIDSGlobalConfigGroup 5 } 329 330hh3cDot11DynBlkListLifeTime OBJECT-TYPE 331 SYNTAX Integer32(60..3600) 332 UNITS "second" 333 MAX-ACCESS read-write 334 STATUS current 335 DESCRIPTION 336 "Represents the lifetime for dynamic blacklist entries. 337 If a dynamic blacklist entry is not detected within the lifetime, the 338 entry will be removed from the dynamic blacklist. 339 The lifetime becomes active only if dynamic blacklist feature is 340 enabled." 341 ::= { hh3cDot11WIDSGlobalConfigGroup 6 } 342 343hh3cDot11FloodAtkDctEnable OBJECT-TYPE 344 SYNTAX TruthValue 345 MAX-ACCESS read-write 346 STATUS current 347 DESCRIPTION 348 "Represents whether detection of flood attack is enabled or not. 349 'true' : Enable the detection of flood attack. 350 'false' : Disable the detection of flood attack." 351 ::= { hh3cDot11WIDSGlobalConfigGroup 7 } 352 353hh3cDot11SpoofAtkDctEnable OBJECT-TYPE 354 SYNTAX TruthValue 355 MAX-ACCESS read-write 356 STATUS current 357 DESCRIPTION 358 "Represents whether detection of Spoof attack is enabled or not. 359 'true' : Enable the detection of Spoof attack. 360 'false' : Disable the detection of Spoof attack." 361 ::= { hh3cDot11WIDSGlobalConfigGroup 8 } 362 363hh3cDot11WeakIVAtkDctEnable OBJECT-TYPE 364 SYNTAX TruthValue 365 MAX-ACCESS read-write 366 STATUS current 367 DESCRIPTION 368 "Represents whether detection of weak-iv attack is enabled or not. 369 'true' : Enable the detection of weak-iv attack. 370 'false' : Disable the detection of weak-iv attack." 371 ::= { hh3cDot11WIDSGlobalConfigGroup 9 } 372 373hh3cDot11ResetWIDSRogueHistory OBJECT-TYPE 374 SYNTAX TruthValue 375 MAX-ACCESS read-write 376 STATUS current 377 DESCRIPTION 378 "This object is used to clear all entries from the rogue history table. 379 It will return false for get operation." 380 ::= { hh3cDot11WIDSGlobalConfigGroup 10 } 381 382hh3cDot11ResetWIDSHistroy OBJECT-TYPE 383 SYNTAX TruthValue 384 MAX-ACCESS read-write 385 STATUS current 386 DESCRIPTION 387 "This object is used to clear the history information of attacks 388 detected in the WLAN system. 389 It will return false for get operation." 390 ::= { hh3cDot11WIDSGlobalConfigGroup 11 } 391 392hh3cDot11ResetWIDSStatistics OBJECT-TYPE 393 SYNTAX TruthValue 394 MAX-ACCESS read-write 395 STATUS current 396 DESCRIPTION 397 "This object is used to clear the statistics of attacks detected in the 398 WLAN system. 399 It will return false for get operation." 400 ::= { hh3cDot11WIDSGlobalConfigGroup 12 } 401 402hh3cDot11ResetAllDynBlkList OBJECT-TYPE 403 SYNTAX TruthValue 404 MAX-ACCESS read-write 405 STATUS current 406 DESCRIPTION 407 "This object is used to remove all entries from the dynamic blacklist. 408 It will return false for get operation." 409 ::= { hh3cDot11WIDSGlobalConfigGroup 13 } 410 411hh3cDot11ResetAllStcBlkList OBJECT-TYPE 412 SYNTAX TruthValue 413 MAX-ACCESS read-write 414 STATUS current 415 DESCRIPTION 416 "This object is used to remove all entries from the static blacklist. 417 It will return false for get operation." 418 ::= { hh3cDot11WIDSGlobalConfigGroup 14 } 419 420hh3cDot11ResetAllWhtBlkList OBJECT-TYPE 421 SYNTAX TruthValue 422 MAX-ACCESS read-write 423 STATUS current 424 DESCRIPTION 425 "This object is used to remove all entries from the static whitelist. 426 It will return false for get operation." 427 ::= { hh3cDot11WIDSGlobalConfigGroup 15 } 428 429hh3cDot11ResetAllDctRogueAP OBJECT-TYPE 430 SYNTAX TruthValue 431 MAX-ACCESS read-write 432 STATUS current 433 DESCRIPTION 434 "This object is used to clear the information of all detected rogue APs. 435 It will return false for get operation." 436 ::= { hh3cDot11WIDSGlobalConfigGroup 16 } 437 438hh3cDot11ResetAllDctRogueSta OBJECT-TYPE 439 SYNTAX TruthValue 440 MAX-ACCESS read-write 441 STATUS current 442 DESCRIPTION 443 "This object is used to clear the information of all detected rogue 444 clients. 445 It will return false for get operation." 446 ::= { hh3cDot11WIDSGlobalConfigGroup 17 } 447 448hh3cDot11ResetAllDctAdhoc OBJECT-TYPE 449 SYNTAX TruthValue 450 MAX-ACCESS read-write 451 STATUS current 452 DESCRIPTION 453 "This object is used to clear the information of all detected ad hoc 454 devices. 455 It will return false for get operation." 456 ::= { hh3cDot11WIDSGlobalConfigGroup 18 } 457 458hh3cDot11ResetAllDctDevice OBJECT-TYPE 459 SYNTAX TruthValue 460 MAX-ACCESS read-write 461 STATUS current 462 DESCRIPTION 463 "This object is used to clear the information of all detected devices. 464 It will return false for get operation." 465 ::= { hh3cDot11WIDSGlobalConfigGroup 19 } 466 467hh3cDot11ResetAllDctSSID OBJECT-TYPE 468 SYNTAX TruthValue 469 MAX-ACCESS read-write 470 STATUS current 471 DESCRIPTION 472 "This object is used to clear the information of all detected SSIDs. 473 It will return false for get operation." 474 ::= { hh3cDot11WIDSGlobalConfigGroup 20 } 475 476hh3cDot11WidsFloodInterval OBJECT-TYPE 477 SYNTAX Unsigned32 478 UNITS "second" 479 MAX-ACCESS read-write 480 STATUS current 481 DESCRIPTION 482 "The interval of WIDS flood detection." 483 DEFVAL { 1 } 484 ::= { hh3cDot11WIDSGlobalConfigGroup 21 } 485 486hh3cDot11WidsBlackListThreshold OBJECT-TYPE 487 SYNTAX Unsigned32 488 MAX-ACCESS read-write 489 STATUS current 490 DESCRIPTION 491 "When flood attack exceeds the value of this node, 492 the MAC address will be added into black list." 493 DEFVAL { 100 } 494 ::= { hh3cDot11WIDSGlobalConfigGroup 22 } 495 496hh3cDot11SSIDFilterOnOff OBJECT-TYPE 497 SYNTAX INTEGER 498 { 499 on(1), 500 off(2) 501 } 502 MAX-ACCESS read-write 503 STATUS current 504 DESCRIPTION 505 "Represents whether the SSID permit feature is enabled or not." 506 DEFVAL { on } 507 ::= { hh3cDot11WIDSGlobalConfigGroup 23 } 508 509hh3cDot11BSSIDFilterOnOff OBJECT-TYPE 510 SYNTAX INTEGER 511 { 512 on(1), 513 off(2) 514 } 515 MAX-ACCESS read-write 516 STATUS current 517 DESCRIPTION 518 "Represents whether the BSSID permit feature is enabled or not." 519 DEFVAL { on } 520 ::= { hh3cDot11WIDSGlobalConfigGroup 24 } 521 522-- ********************************************************************** 523-- * End of hh3cDot11WIDSGlobalConfigGroup Definition 524-- ***************************************************************************** 525 526-- ***************************************************************************** 527-- * hh3cDot11WIDSPermitVendorTable Definition 528-- ***************************************************************************** 529hh3cDot11WIDSPermitVendorTable OBJECT-TYPE 530 SYNTAX SEQUENCE OF Hh3cDot11WIDSPermitVendorEntry 531 MAX-ACCESS not-accessible 532 STATUS current 533 DESCRIPTION 534 "The table provides the permitted vendor list, and each vendor 535 will be identified by OUI. 536 The legal device should be made by the permitted vendors." 537 ::= { hh3cDot11WIDSConfigGroup 2 } 538 539hh3cDot11WIDSPermitVendorEntry OBJECT-TYPE 540 SYNTAX Hh3cDot11WIDSPermitVendorEntry 541 MAX-ACCESS not-accessible 542 STATUS current 543 DESCRIPTION 544 "Each entry provides the information of permitted vendor." 545 INDEX 546 { 547 hh3cDot11VendorOUI 548 } 549 ::= { hh3cDot11WIDSPermitVendorTable 1 } 550 551Hh3cDot11WIDSPermitVendorEntry ::= SEQUENCE 552 { 553 hh3cDot11VendorOUI OCTET STRING, 554 hh3cDot11PermitVendorRowStatus RowStatus, 555 hh3cDot11VendorName OCTET STRING 556 } 557 558hh3cDot11VendorOUI OBJECT-TYPE 559 SYNTAX OCTET STRING(SIZE(3)) 560 MAX-ACCESS not-accessible 561 STATUS current 562 DESCRIPTION 563 "Represents the vendor OUI information of the wireless device." 564 ::= { hh3cDot11WIDSPermitVendorEntry 1 } 565 566hh3cDot11PermitVendorRowStatus OBJECT-TYPE 567 SYNTAX RowStatus 568 MAX-ACCESS read-create 569 STATUS current 570 DESCRIPTION 571 "The status of this table entry." 572 ::= { hh3cDot11WIDSPermitVendorEntry 2 } 573 574hh3cDot11VendorName OBJECT-TYPE 575 SYNTAX OCTET STRING(SIZE(0..127)) 576 MAX-ACCESS read-only 577 STATUS current 578 DESCRIPTION 579 "Represents the vendor name of the wireless device." 580 ::= { hh3cDot11WIDSPermitVendorEntry 3 } 581-- ***************************************************************************** 582-- * End of hh3cDot11WIDSPermitVendorTable Definition 583-- ***************************************************************************** 584 585-- ***************************************************************************** 586-- * hh3cDot11WIDSPermitSSIDTable Definition 587-- ***************************************************************************** 588hh3cDot11WIDSPermitSSIDTable OBJECT-TYPE 589 SYNTAX SEQUENCE OF Hh3cDot11WIDSPermitSSIDEntry 590 MAX-ACCESS not-accessible 591 STATUS current 592 DESCRIPTION 593 "The table represents the list of SSID could be permitted in 594 the wireless network." 595 ::= { hh3cDot11WIDSConfigGroup 3 } 596 597hh3cDot11WIDSPermitSSIDEntry OBJECT-TYPE 598 SYNTAX Hh3cDot11WIDSPermitSSIDEntry 599 MAX-ACCESS not-accessible 600 STATUS current 601 DESCRIPTION 602 "Each entry provides the information of permitted SSID." 603 INDEX 604 { 605 hh3cDot11PermitSSID 606 } 607 ::= { hh3cDot11WIDSPermitSSIDTable 1 } 608 609Hh3cDot11WIDSPermitSSIDEntry ::= SEQUENCE 610 { 611 hh3cDot11PermitSSID Hh3cDot11SSIDStringType, 612 hh3cDot11PermitSSIDRowStatus RowStatus, 613 hh3cDot11PermitSSIDDetected TruthValue 614 } 615 616hh3cDot11PermitSSID OBJECT-TYPE 617 SYNTAX Hh3cDot11SSIDStringType(SIZE(0..127)) 618 MAX-ACCESS not-accessible 619 STATUS current 620 DESCRIPTION 621 "Represents the permitted SSID in the wireless network." 622 ::= { hh3cDot11WIDSPermitSSIDEntry 1 } 623 624hh3cDot11PermitSSIDRowStatus OBJECT-TYPE 625 SYNTAX RowStatus 626 MAX-ACCESS read-create 627 STATUS current 628 DESCRIPTION 629 "The status of this table entry." 630 ::= { hh3cDot11WIDSPermitSSIDEntry 2 } 631 632hh3cDot11PermitSSIDDetected OBJECT-TYPE 633 SYNTAX TruthValue 634 MAX-ACCESS read-only 635 STATUS current 636 DESCRIPTION 637 "Represents whether the permitted SSID is detected or not." 638 ::= { hh3cDot11WIDSPermitSSIDEntry 3 } 639-- ***************************************************************************** 640-- * End of hh3cDot11WIDSPermitSSIDTable Definition 641-- ***************************************************************************** 642 643-- ***************************************************************************** 644-- * hh3cDot11WIDSIgnoreListTable Definition 645-- ***************************************************************************** 646hh3cDot11WIDSIgnoreListTable OBJECT-TYPE 647 SYNTAX SEQUENCE OF Hh3cDot11WIDSIgnoreListEntry 648 MAX-ACCESS not-accessible 649 STATUS current 650 DESCRIPTION 651 "The table provides the MAC address list of stations or APs, 652 and WIDS always take them as legal stations or APs." 653 ::= { hh3cDot11WIDSConfigGroup 4 } 654 655hh3cDot11WIDSIgnoreListEntry OBJECT-TYPE 656 SYNTAX Hh3cDot11WIDSIgnoreListEntry 657 MAX-ACCESS not-accessible 658 STATUS current 659 DESCRIPTION 660 "Each entry contains the MAC address of station or AP, 661 and WIDS always take it as legal station or AP." 662 INDEX 663 { 664 hh3cDot11IgnoreMAC 665 } 666 ::= { hh3cDot11WIDSIgnoreListTable 1 } 667 668Hh3cDot11WIDSIgnoreListEntry ::= SEQUENCE 669 { 670 hh3cDot11IgnoreMAC MacAddress, 671 hh3cDot11IgnoreListRowStatus RowStatus, 672 hh3cDot11IgnoreMACDetected TruthValue, 673 hh3cDot11IgnoreDevType Hh3cDot11WIDSDevType 674 } 675 676hh3cDot11IgnoreMAC OBJECT-TYPE 677 SYNTAX MacAddress 678 MAX-ACCESS not-accessible 679 STATUS current 680 DESCRIPTION 681 "Represents the MAC address of station or AP, and WIDS always 682 take it as legal station or AP." 683 ::= { hh3cDot11WIDSIgnoreListEntry 1 } 684 685hh3cDot11IgnoreListRowStatus OBJECT-TYPE 686 SYNTAX RowStatus 687 MAX-ACCESS read-create 688 STATUS current 689 DESCRIPTION 690 "The status of this table entry." 691 ::= { hh3cDot11WIDSIgnoreListEntry 2 } 692 693hh3cDot11IgnoreMACDetected OBJECT-TYPE 694 SYNTAX TruthValue 695 MAX-ACCESS read-only 696 STATUS current 697 DESCRIPTION 698 "Represents whether the MAC address detected or not." 699 ::= { hh3cDot11WIDSIgnoreListEntry 3 } 700 701hh3cDot11IgnoreDevType OBJECT-TYPE 702 SYNTAX Hh3cDot11WIDSDevType 703 MAX-ACCESS read-only 704 STATUS current 705 DESCRIPTION 706 "Represents the type of the MAC address detected. 707 The value of this object always is unknown if the MAC address is not 708 detected." 709 ::= { hh3cDot11WIDSIgnoreListEntry 4 } 710-- ***************************************************************************** 711-- * End of hh3cDot11WIDSIgnoreListTable Definition 712-- ***************************************************************************** 713 714-- ***************************************************************************** 715-- * hh3cDot11WIDSAttackListTable Definition 716-- ***************************************************************************** 717hh3cDot11WIDSAttackListTable OBJECT-TYPE 718 SYNTAX SEQUENCE OF Hh3cDot11WIDSAttackListEntry 719 MAX-ACCESS not-accessible 720 STATUS current 721 DESCRIPTION 722 "The table provides the MAC address list of rogue APs or rogue 723 stations, the WIDS will take countermeasure as per the MAC 724 address list." 725 ::= { hh3cDot11WIDSConfigGroup 5 } 726 727hh3cDot11WIDSAttackListEntry OBJECT-TYPE 728 SYNTAX Hh3cDot11WIDSAttackListEntry 729 MAX-ACCESS not-accessible 730 STATUS current 731 DESCRIPTION 732 "Each entry contains the MAC address of rogue AP or rogue station, 733 and the countermeasure will be taken for it." 734 INDEX 735 { 736 hh3cDot11AttackDeviceMac 737 } 738 ::= { hh3cDot11WIDSAttackListTable 1 } 739 740Hh3cDot11WIDSAttackListEntry ::= SEQUENCE 741 { 742 hh3cDot11AttackDeviceMac MacAddress, 743 hh3cDot11AttackListRowStatus RowStatus, 744 hh3cDot11AttackDevDetected TruthValue, 745 hh3cDot11AttackDevType Hh3cDot11WIDSDevType 746 } 747 748hh3cDot11AttackDeviceMac OBJECT-TYPE 749 SYNTAX MacAddress 750 MAX-ACCESS not-accessible 751 STATUS current 752 DESCRIPTION 753 "Represents the MAC address of rogue AP or rogue station, 754 and the countermeasure will be taken for it." 755 ::= { hh3cDot11WIDSAttackListEntry 1 } 756 757hh3cDot11AttackListRowStatus OBJECT-TYPE 758 SYNTAX RowStatus 759 MAX-ACCESS read-create 760 STATUS current 761 DESCRIPTION 762 "The status of this table entry." 763 ::= { hh3cDot11WIDSAttackListEntry 2 } 764 765hh3cDot11AttackDevDetected OBJECT-TYPE 766 SYNTAX TruthValue 767 MAX-ACCESS read-only 768 STATUS current 769 DESCRIPTION 770 "Represents whether the assigned MAC address in attack list is detected 771 or not." 772 ::= { hh3cDot11WIDSAttackListEntry 3 } 773 774hh3cDot11AttackDevType OBJECT-TYPE 775 SYNTAX Hh3cDot11WIDSDevType 776 MAX-ACCESS read-only 777 STATUS current 778 DESCRIPTION 779 "Represents the type of detected MAC address in attack list. If the 780 MAC address is not detected, it will return unknown(5) for get 781 operation." 782 ::= { hh3cDot11WIDSAttackListEntry 4 } 783-- ***************************************************************************** 784-- * End of hh3cDot11WIDSAttackListTable Definition 785-- ***************************************************************************** 786 787-- ***************************************************************************** 788-- * hh3cDot11StaticWhiteListTable Definition 789-- ***************************************************************************** 790hh3cDot11StaticWhiteListTable OBJECT-TYPE 791 SYNTAX SEQUENCE OF Hh3cDot11StaticWhiteListEntry 792 MAX-ACCESS not-accessible 793 STATUS current 794 DESCRIPTION 795 "The table provides the information of whitelist." 796 ::= { hh3cDot11WIDSConfigGroup 6 } 797 798hh3cDot11StaticWhiteListEntry OBJECT-TYPE 799 SYNTAX Hh3cDot11StaticWhiteListEntry 800 MAX-ACCESS not-accessible 801 STATUS current 802 DESCRIPTION 803 "Each entry contains the information of whitelist." 804 INDEX 805 { 806 hh3cDot11StaticWhiteListMAC 807 } 808 ::= { hh3cDot11StaticWhiteListTable 1 } 809 810Hh3cDot11StaticWhiteListEntry ::= SEQUENCE 811 { 812 hh3cDot11StaticWhiteListMAC MacAddress, 813 hh3cDot11StaticWhiteListRowStatus RowStatus 814 } 815 816hh3cDot11StaticWhiteListMAC OBJECT-TYPE 817 SYNTAX MacAddress 818 MAX-ACCESS not-accessible 819 STATUS current 820 DESCRIPTION 821 "Represents the MAC addresses in whitelist." 822 ::= { hh3cDot11StaticWhiteListEntry 1 } 823 824hh3cDot11StaticWhiteListRowStatus OBJECT-TYPE 825 SYNTAX RowStatus 826 MAX-ACCESS read-create 827 STATUS current 828 DESCRIPTION 829 "The status of this table entry." 830 ::= { hh3cDot11StaticWhiteListEntry 2 } 831-- ***************************************************************************** 832-- * End of hh3cDot11StaticWhiteListTable Definition 833-- ***************************************************************************** 834 835-- ***************************************************************************** 836-- * hh3cDot11StaticBlackListTable Definition 837-- ***************************************************************************** 838hh3cDot11StaticBlackListTable OBJECT-TYPE 839 SYNTAX SEQUENCE OF Hh3cDot11StaticBlackListEntry 840 MAX-ACCESS not-accessible 841 STATUS current 842 DESCRIPTION 843 "The table provides the information of static blacklist." 844 ::= { hh3cDot11WIDSConfigGroup 7 } 845 846hh3cDot11StaticBlackListEntry OBJECT-TYPE 847 SYNTAX Hh3cDot11StaticBlackListEntry 848 MAX-ACCESS not-accessible 849 STATUS current 850 DESCRIPTION 851 "Each entry contains the information of static blacklist." 852 INDEX 853 { 854 hh3cDot11StaticBlackListMAC 855 } 856 ::= { hh3cDot11StaticBlackListTable 1 } 857 858Hh3cDot11StaticBlackListEntry ::= SEQUENCE 859 { 860 hh3cDot11StaticBlackListMAC MacAddress, 861 hh3cDot11StaticBlackListRowStatus RowStatus 862 } 863 864hh3cDot11StaticBlackListMAC OBJECT-TYPE 865 SYNTAX MacAddress 866 MAX-ACCESS not-accessible 867 STATUS current 868 DESCRIPTION 869 "Represents the MAC addresses in static blacklist." 870 ::= { hh3cDot11StaticBlackListEntry 1 } 871 872hh3cDot11StaticBlackListRowStatus OBJECT-TYPE 873 SYNTAX RowStatus 874 MAX-ACCESS read-create 875 STATUS current 876 DESCRIPTION 877 "The status of this table entry." 878 ::= { hh3cDot11StaticBlackListEntry 2 } 879-- ***************************************************************************** 880-- * End of hh3cDot11StaticBlackListTable Definition 881-- ***************************************************************************** 882 883-- ***************************************************************************** 884-- * hh3cDot11WIDSPermitBSSIDTable Definition 885-- ***************************************************************************** 886hh3cDot11WIDSPermitBSSIDTable OBJECT-TYPE 887 SYNTAX SEQUENCE OF Hh3cDot11WIDSPermitBSSIDEntry 888 MAX-ACCESS not-accessible 889 STATUS current 890 DESCRIPTION 891 "The table represents the list of BSSID could be permitted in 892 the wireless network." 893 ::= { hh3cDot11WIDSConfigGroup 8 } 894 895hh3cDot11WIDSPermitBSSIDEntry OBJECT-TYPE 896 SYNTAX Hh3cDot11WIDSPermitBSSIDEntry 897 MAX-ACCESS not-accessible 898 STATUS current 899 DESCRIPTION 900 "Each entry provides the information of permitted BSSID." 901 INDEX 902 { 903 hh3cDot11PermitBSSID 904 } 905 ::= { hh3cDot11WIDSPermitBSSIDTable 1 } 906 907Hh3cDot11WIDSPermitBSSIDEntry ::= SEQUENCE 908 { 909 hh3cDot11PermitBSSID MacAddress, 910 hh3cDot11PermitBSSIDDetected TruthValue, 911 hh3cDot11PermitBSSIDRowStatus RowStatus 912 } 913 914hh3cDot11PermitBSSID OBJECT-TYPE 915 SYNTAX MacAddress 916 MAX-ACCESS not-accessible 917 STATUS current 918 DESCRIPTION 919 "Represents the permitted BSSID in the wireless network." 920 ::= { hh3cDot11WIDSPermitBSSIDEntry 1 } 921 922hh3cDot11PermitBSSIDDetected OBJECT-TYPE 923 SYNTAX TruthValue 924 MAX-ACCESS read-only 925 STATUS current 926 DESCRIPTION 927 "Represents whether the permitted BSSID is detected or not." 928 ::= { hh3cDot11WIDSPermitBSSIDEntry 2 } 929 930hh3cDot11PermitBSSIDRowStatus OBJECT-TYPE 931 SYNTAX RowStatus 932 MAX-ACCESS read-create 933 STATUS current 934 DESCRIPTION 935 "Represents the row status of permit BSSID table." 936 ::= { hh3cDot11WIDSPermitBSSIDEntry 3 } 937-- ***************************************************************************** 938-- * End of hh3cDot11StaticBlackListTable Definition 939-- ***************************************************************************** 940 941-- ***************************************************************************** 942-- * hh3cDot11WIDSRogueAPTable Definition 943-- ***************************************************************************** 944hh3cDot11WIDSRogueAPTable OBJECT-TYPE 945 SYNTAX SEQUENCE OF Hh3cDot11WIDSRogueAPEntry 946 MAX-ACCESS not-accessible 947 STATUS current 948 DESCRIPTION 949 "The table represents the list of possible BSS information for 950 rogue APs detected by the WIDS." 951 ::= { hh3cDot11WIDSDetectGroup 1 } 952 953hh3cDot11WIDSRogueAPEntry OBJECT-TYPE 954 SYNTAX Hh3cDot11WIDSRogueAPEntry 955 MAX-ACCESS not-accessible 956 STATUS current 957 DESCRIPTION 958 "Each entry contains possible BSS information of each rogue AP 959 detected by WIDS." 960 INDEX 961 { 962 hh3cDot11RogueAPBSSMAC 963 } 964 ::= { hh3cDot11WIDSRogueAPTable 1 } 965 966Hh3cDot11WIDSRogueAPEntry ::= SEQUENCE 967 { 968 hh3cDot11RogueAPBSSMAC MacAddress, 969 hh3cDot11RogueAPVendorName OCTET STRING, 970 hh3cDot11RogueAPMonitorNum Integer32, 971 hh3cDot11RogueAPFirstDetectTm TimeTicks, 972 hh3cDot11RogueAPLastDetectTm TimeTicks, 973 hh3cDot11RogueAPSSID Hh3cDot11SSIDStringType, 974 hh3cDot11RogueAPMaxSigStrength Integer32, 975 hh3cDot11RogueAPChannel Hh3cDot11ChannelScopeType, 976 hh3cDot11RogueAPBeaconInterval Integer32, 977 hh3cDot11RogueAPAttackedStatus TruthValue, 978 hh3cDot11RogueAPToIgnore TruthValue, 979 hh3cDot11RogueAPEncryptStatus TruthValue, 980 hh3cDot11RogueAPReset TruthValue, 981 hh3cDot11RogueAPFirstDetectTmStr OCTET STRING, 982 hh3cDot11RogueAPLastDetectTmStr OCTET STRING 983 } 984 985hh3cDot11RogueAPBSSMAC OBJECT-TYPE 986 SYNTAX MacAddress 987 MAX-ACCESS not-accessible 988 STATUS current 989 DESCRIPTION 990 "Represents the BSS MAC address of rogue AP." 991 ::= { hh3cDot11WIDSRogueAPEntry 1 } 992 993hh3cDot11RogueAPVendorName OBJECT-TYPE 994 SYNTAX OCTET STRING(SIZE(0..127)) 995 MAX-ACCESS read-only 996 STATUS current 997 DESCRIPTION 998 "Represents the vendor name of rogue AP." 999 ::= { hh3cDot11WIDSRogueAPEntry 2 } 1000 1001hh3cDot11RogueAPMonitorNum OBJECT-TYPE 1002 SYNTAX Integer32 1003 MAX-ACCESS read-only 1004 STATUS current 1005 DESCRIPTION 1006 "Represents the number of monitor APs which detected the 1007 rogue AP." 1008 ::= { hh3cDot11WIDSRogueAPEntry 3 } 1009 1010hh3cDot11RogueAPFirstDetectTm OBJECT-TYPE 1011 SYNTAX TimeTicks 1012 MAX-ACCESS read-only 1013 STATUS current 1014 DESCRIPTION 1015 "Represents the time that AP was detected as a rogue AP for 1016 the first time." 1017 ::= { hh3cDot11WIDSRogueAPEntry 4 } 1018 1019hh3cDot11RogueAPLastDetectTm OBJECT-TYPE 1020 SYNTAX TimeTicks 1021 MAX-ACCESS read-only 1022 STATUS current 1023 DESCRIPTION 1024 "Represents the time that AP was detected as a rogue AP for 1025 the last time." 1026 ::= { hh3cDot11WIDSRogueAPEntry 5 } 1027 1028hh3cDot11RogueAPSSID OBJECT-TYPE 1029 SYNTAX Hh3cDot11SSIDStringType 1030 MAX-ACCESS read-only 1031 STATUS current 1032 DESCRIPTION 1033 "Represents the SSID broadcasted by rogue AP." 1034 ::= { hh3cDot11WIDSRogueAPEntry 6 } 1035 1036hh3cDot11RogueAPMaxSigStrength OBJECT-TYPE 1037 SYNTAX Integer32 1038 UNITS "dBm" 1039 MAX-ACCESS read-only 1040 STATUS current 1041 DESCRIPTION 1042 "Represents the maximal value of signal strength that WIDS received 1043 from the rogue AP." 1044 ::= { hh3cDot11WIDSRogueAPEntry 7 } 1045 1046hh3cDot11RogueAPChannel OBJECT-TYPE 1047 SYNTAX Hh3cDot11ChannelScopeType 1048 MAX-ACCESS read-only 1049 STATUS current 1050 DESCRIPTION 1051 "Represents on which radio channel of the rogue AP the maximal signal 1052 strength was received." 1053 ::= { hh3cDot11WIDSRogueAPEntry 8 } 1054 1055hh3cDot11RogueAPBeaconInterval OBJECT-TYPE 1056 SYNTAX Integer32 1057 UNITS "millisecond" 1058 MAX-ACCESS read-only 1059 STATUS current 1060 DESCRIPTION 1061 "Represents the interval for Beacon management frame of rogue AP." 1062 ::= { hh3cDot11WIDSRogueAPEntry 9 } 1063 1064hh3cDot11RogueAPAttackedStatus OBJECT-TYPE 1065 SYNTAX TruthValue 1066 MAX-ACCESS read-only 1067 STATUS current 1068 DESCRIPTION 1069 "Represents whether the countermeasure have taken for the rogue AP." 1070 ::= { hh3cDot11WIDSRogueAPEntry 10 } 1071 1072hh3cDot11RogueAPToIgnore OBJECT-TYPE 1073 SYNTAX TruthValue 1074 MAX-ACCESS read-write 1075 STATUS current 1076 DESCRIPTION 1077 "Represents whether the rogue AP will be taken as a rogue AP. 1078 If the value is true, NMS should not display the rogue AP 1079 as NMS display rogue AP list, and the MAC address will be 1080 automatically added into hh3cDot11WIDSIgnoreListTable. 1081 If the value is false, NMS will take it as a rogue AP. " 1082 DEFVAL { false } 1083 ::= { hh3cDot11WIDSRogueAPEntry 11 } 1084 1085hh3cDot11RogueAPEncryptStatus OBJECT-TYPE 1086 SYNTAX TruthValue 1087 MAX-ACCESS read-only 1088 STATUS current 1089 DESCRIPTION 1090 "Represents whether the rogue AP encrypt the frame or not." 1091 ::= { hh3cDot11WIDSRogueAPEntry 12 } 1092 1093hh3cDot11RogueAPReset OBJECT-TYPE 1094 SYNTAX TruthValue 1095 MAX-ACCESS read-write 1096 STATUS current 1097 DESCRIPTION 1098 "This object is used to clear information of assigned AP. The 1099 information of AP which detect assigned rogue AP will be cleared 1100 together. 1101 It will return false for get operation." 1102 ::= { hh3cDot11WIDSRogueAPEntry 13 } 1103 1104hh3cDot11RogueAPFirstDetectTmStr OBJECT-TYPE 1105 SYNTAX OCTET STRING 1106 MAX-ACCESS read-only 1107 STATUS current 1108 DESCRIPTION 1109 "Represents the time that AP was detected as a rogue AP for 1110 the first time." 1111 ::= { hh3cDot11WIDSRogueAPEntry 14 } 1112 1113hh3cDot11RogueAPLastDetectTmStr OBJECT-TYPE 1114 SYNTAX OCTET STRING 1115 MAX-ACCESS read-only 1116 STATUS current 1117 DESCRIPTION 1118 "Represents the time that AP was detected as a rogue AP for 1119 the last time." 1120 ::= { hh3cDot11WIDSRogueAPEntry 15 } 1121-- ***************************************************************************** 1122-- * end of hh3cDot11WIDSRogueAPTable Definition 1123-- ***************************************************************************** 1124 1125-- ***************************************************************************** 1126-- * hh3cDot11WIDSRogueAPExtTable Definition 1127-- ***************************************************************************** 1128hh3cDot11WIDSRogueAPExtTable OBJECT-TYPE 1129 SYNTAX SEQUENCE OF Hh3cDot11WIDSRogueAPExtEntry 1130 MAX-ACCESS not-accessible 1131 STATUS current 1132 DESCRIPTION 1133 "As each rogue AP could be detected by multiple monitor APs, each 1134 monitor AP could have some kind of detailed information about 1135 a specific rogue AP. 1136 In the hh3cDot11WIDSRogueAPTable table, the detailed 1137 information for a specific rogue AP will be summarized from 1138 information in the hh3cDot11WIDSRogueAPExtTable table. 1139 For example, multiple monitor APs could receive RF signal of 1140 one rogue AP, and each monitor AP has its maximum signal strength by 1141 itself. The information will be kept as 1142 hh3cDot11DetectMaxAPSigStrength in the hh3cDot11WIDSRogueAPExtTable 1143 table. While only the maximum value among all the 1144 hh3cDot11DetectMaxAPSigStrength for each monitor AP will be 1145 kept in the hh3cDot11WIDSRogueAPTable as 1146 hh3cDot11RogueAPMaxSigStrength." 1147 ::= { hh3cDot11WIDSDetectGroup 2 } 1148 1149hh3cDot11WIDSRogueAPExtEntry OBJECT-TYPE 1150 SYNTAX Hh3cDot11WIDSRogueAPExtEntry 1151 MAX-ACCESS not-accessible 1152 STATUS current 1153 DESCRIPTION 1154 "Each entry contains information of the rogue AP detected 1155 by each monitor AP." 1156 INDEX 1157 { 1158 hh3cDot11RogueAPBSSMAC, 1159 hh3cDot11WIDSAPID 1160 } 1161 ::= { hh3cDot11WIDSRogueAPExtTable 1 } 1162 1163Hh3cDot11WIDSRogueAPExtEntry ::= SEQUENCE 1164 { 1165 hh3cDot11WIDSAPID Hh3cDot11ObjectIDType, 1166 hh3cDot11DetectCurAPSigStrength Integer32, 1167 hh3cDot11DetectAPByChannel Hh3cDot11ChannelScopeType, 1168 hh3cDot11DetectAPByRadioID Hh3cDot11RadioScopeType, 1169 hh3cDot11AttackAPStatus TruthValue, 1170 hh3cDot11DetectAPFirstTm TimeTicks, 1171 hh3cDot11DetectAPLastTm TimeTicks 1172 } 1173 1174hh3cDot11WIDSAPID OBJECT-TYPE 1175 SYNTAX Hh3cDot11ObjectIDType 1176 MAX-ACCESS not-accessible 1177 STATUS current 1178 DESCRIPTION 1179 "To uniquely identify each AP, and relation-ship between 1180 hh3cDot11WIDSAPID and AP device will be static." 1181 ::= { hh3cDot11WIDSRogueAPExtEntry 1 } 1182 1183hh3cDot11DetectCurAPSigStrength OBJECT-TYPE 1184 SYNTAX Integer32 1185 UNITS "dBm" 1186 MAX-ACCESS read-only 1187 STATUS current 1188 DESCRIPTION 1189 "Represents the current value of signal strength that WIDS monitor 1190 AP received from the rogue AP." 1191 ::= { hh3cDot11WIDSRogueAPExtEntry 2 } 1192 1193hh3cDot11DetectAPByChannel OBJECT-TYPE 1194 SYNTAX Hh3cDot11ChannelScopeType 1195 MAX-ACCESS read-only 1196 STATUS current 1197 DESCRIPTION 1198 "Represents on which radio channel that WIDS monitor AP detected 1199 the rogue AP." 1200 ::= { hh3cDot11WIDSRogueAPExtEntry 3 } 1201 1202hh3cDot11DetectAPByRadioID OBJECT-TYPE 1203 SYNTAX Hh3cDot11RadioScopeType 1204 MAX-ACCESS read-only 1205 STATUS current 1206 DESCRIPTION 1207 "Represents on which radio the monitor AP has detected the rogue 1208 AP." 1209 ::= { hh3cDot11WIDSRogueAPExtEntry 4 } 1210 1211hh3cDot11AttackAPStatus OBJECT-TYPE 1212 SYNTAX TruthValue 1213 MAX-ACCESS read-only 1214 STATUS current 1215 DESCRIPTION 1216 "Represents whether monitor AP have taken countermeasure on the 1217 rogue AP." 1218 ::= { hh3cDot11WIDSRogueAPExtEntry 5 } 1219 1220hh3cDot11DetectAPFirstTm OBJECT-TYPE 1221 SYNTAX TimeTicks 1222 MAX-ACCESS read-only 1223 STATUS current 1224 DESCRIPTION 1225 "Represents the time that monitor AP detected the rogue AP for 1226 the first time." 1227 ::= { hh3cDot11WIDSRogueAPExtEntry 6 } 1228 1229hh3cDot11DetectAPLastTm OBJECT-TYPE 1230 SYNTAX TimeTicks 1231 MAX-ACCESS read-only 1232 STATUS current 1233 DESCRIPTION 1234 "Represents the time that monitor AP detected the rogue AP for 1235 the last time." 1236 ::= { hh3cDot11WIDSRogueAPExtEntry 7 } 1237-- ***************************************************************************** 1238-- * end of hh3cDot11WIDSRogueAPExtTable Definition 1239-- ***************************************************************************** 1240 1241-- ***************************************************************************** 1242-- * hh3cDot11WIDSRogueStaTable Definition 1243-- ***************************************************************************** 1244hh3cDot11WIDSRogueStaTable OBJECT-TYPE 1245 SYNTAX SEQUENCE OF Hh3cDot11WIDSRogueStaEntry 1246 MAX-ACCESS not-accessible 1247 STATUS current 1248 DESCRIPTION 1249 "The table represents the list of rogue stations detected by 1250 the WIDS." 1251 ::= { hh3cDot11WIDSDetectGroup 3 } 1252 1253hh3cDot11WIDSRogueStaEntry OBJECT-TYPE 1254 SYNTAX Hh3cDot11WIDSRogueStaEntry 1255 MAX-ACCESS not-accessible 1256 STATUS current 1257 DESCRIPTION 1258 "Each entry contains information of each rogue station." 1259 INDEX 1260 { 1261 hh3cDot11RogueStaMAC 1262 } 1263 ::= { hh3cDot11WIDSRogueStaTable 1 } 1264 1265Hh3cDot11WIDSRogueStaEntry ::= SEQUENCE 1266 { 1267 hh3cDot11RogueStaMAC MacAddress, 1268 hh3cDot11RogueStaVendorName OCTET STRING, 1269 hh3cDot11RogueStaMonitorNum Integer32, 1270 hh3cDot11RogueStaFirstDetectTm TimeTicks, 1271 hh3cDot11RogueStaLastDetectTm TimeTicks, 1272 hh3cDot11RogueStaAccessBSSID MacAddress, 1273 hh3cDot11RogueStaMaxSigStrength Integer32, 1274 hh3cDot11RogueStaChannel Hh3cDot11ChannelScopeType, 1275 hh3cDot11RogueStaAttackedStatus TruthValue, 1276 hh3cDot11RogueStaToIgnore TruthValue, 1277 hh3cDot11RogueStaAdHocStatus TruthValue, 1278 hh3cDot11RogueStaReset TruthValue, 1279 hh3cDot11RogueStaFirstDetectTmStr OCTET STRING, 1280 hh3cDot11RogueStaLastDetectTmStr OCTET STRING 1281 } 1282 1283hh3cDot11RogueStaMAC OBJECT-TYPE 1284 SYNTAX MacAddress 1285 MAX-ACCESS not-accessible 1286 STATUS current 1287 DESCRIPTION 1288 "Represents the MAC address of rogue station." 1289 ::= { hh3cDot11WIDSRogueStaEntry 1 } 1290 1291hh3cDot11RogueStaVendorName OBJECT-TYPE 1292 SYNTAX OCTET STRING(SIZE(0..127)) 1293 MAX-ACCESS read-only 1294 STATUS current 1295 DESCRIPTION 1296 "Represents the vendor name of rogue station." 1297 ::= { hh3cDot11WIDSRogueStaEntry 2 } 1298 1299hh3cDot11RogueStaMonitorNum OBJECT-TYPE 1300 SYNTAX Integer32 1301 MAX-ACCESS read-only 1302 STATUS current 1303 DESCRIPTION 1304 "Represents the number of monitor APs which detected the 1305 rogue station." 1306 ::= { hh3cDot11WIDSRogueStaEntry 3 } 1307 1308hh3cDot11RogueStaFirstDetectTm OBJECT-TYPE 1309 SYNTAX TimeTicks 1310 MAX-ACCESS read-only 1311 STATUS current 1312 DESCRIPTION 1313 "Represents the time that station was detected as a rogue station for 1314 the first time." 1315 ::= { hh3cDot11WIDSRogueStaEntry 4 } 1316 1317hh3cDot11RogueStaLastDetectTm OBJECT-TYPE 1318 SYNTAX TimeTicks 1319 MAX-ACCESS read-only 1320 STATUS current 1321 DESCRIPTION 1322 "Represents the time that station was detected as a rogue station for 1323 the last time." 1324 ::= { hh3cDot11WIDSRogueStaEntry 5 } 1325 1326hh3cDot11RogueStaAccessBSSID OBJECT-TYPE 1327 SYNTAX MacAddress 1328 MAX-ACCESS read-only 1329 STATUS current 1330 DESCRIPTION 1331 "Represents BSS MAC address that rogue station try to access." 1332 ::= { hh3cDot11WIDSRogueStaEntry 6 } 1333 1334hh3cDot11RogueStaMaxSigStrength OBJECT-TYPE 1335 SYNTAX Integer32 1336 UNITS "dBm" 1337 MAX-ACCESS read-only 1338 STATUS current 1339 DESCRIPTION 1340 "Represents the maximal value of signal strength that WIDS received 1341 from the rogue station." 1342 ::= { hh3cDot11WIDSRogueStaEntry 7 } 1343 1344hh3cDot11RogueStaChannel OBJECT-TYPE 1345 SYNTAX Hh3cDot11ChannelScopeType 1346 MAX-ACCESS read-only 1347 STATUS current 1348 DESCRIPTION 1349 "Represents on which radio channel the maximal signal strength 1350 was received." 1351 ::= { hh3cDot11WIDSRogueStaEntry 8 } 1352 1353hh3cDot11RogueStaAttackedStatus OBJECT-TYPE 1354 SYNTAX TruthValue 1355 MAX-ACCESS read-only 1356 STATUS current 1357 DESCRIPTION 1358 "Represents whether the countermeasure have taken for the rogue 1359 station." 1360 ::= { hh3cDot11WIDSRogueStaEntry 9 } 1361 1362hh3cDot11RogueStaToIgnore OBJECT-TYPE 1363 SYNTAX TruthValue 1364 MAX-ACCESS read-write 1365 STATUS current 1366 DESCRIPTION 1367 "Represents whether the rogue AP will be taken as a rogue station. 1368 If the value is true, NMS should not display the rogue station 1369 as NMS display rogue station list, and the MAC address will be 1370 automatically added into hh3cDot11WIDSIgnoreListTable. 1371 If the value is false, NMS will take it as a rogue station. " 1372 DEFVAL { false } 1373 ::= { hh3cDot11WIDSRogueStaEntry 10 } 1374 1375hh3cDot11RogueStaAdHocStatus OBJECT-TYPE 1376 SYNTAX TruthValue 1377 MAX-ACCESS read-only 1378 STATUS current 1379 DESCRIPTION 1380 "Represents whether the rogue station work on the Ad Hoc mode 1381 or not." 1382 ::= { hh3cDot11WIDSRogueStaEntry 11 } 1383 1384hh3cDot11RogueStaReset OBJECT-TYPE 1385 SYNTAX TruthValue 1386 MAX-ACCESS read-write 1387 STATUS current 1388 DESCRIPTION 1389 "This object is used to clear information of assigned station. The 1390 information of AP which detects assigned rogue station will be cleared 1391 together. 1392 It will return false for get operation." 1393 ::= { hh3cDot11WIDSRogueStaEntry 12 } 1394 1395hh3cDot11RogueStaFirstDetectTmStr OBJECT-TYPE 1396 SYNTAX OCTET STRING 1397 MAX-ACCESS read-only 1398 STATUS current 1399 DESCRIPTION 1400 "Represents the time that station was detected as a rogue station for 1401 the first time." 1402 ::= { hh3cDot11WIDSRogueStaEntry 13 } 1403 1404hh3cDot11RogueStaLastDetectTmStr OBJECT-TYPE 1405 SYNTAX OCTET STRING 1406 MAX-ACCESS read-only 1407 STATUS current 1408 DESCRIPTION 1409 "Represents the time that station was detected as a rogue station for 1410 the last time." 1411 ::= { hh3cDot11WIDSRogueStaEntry 14 } 1412-- ***************************************************************************** 1413-- * End of hh3cDot11WIDSRogueStaTable Definition 1414-- ***************************************************************************** 1415 1416-- ***************************************************************************** 1417-- * hh3cDot11WIDSRogueStaExtTable Definition 1418-- ***************************************************************************** 1419hh3cDot11WIDSRogueStaExtTable OBJECT-TYPE 1420 SYNTAX SEQUENCE OF Hh3cDot11WIDSRogueStaExtEntry 1421 MAX-ACCESS not-accessible 1422 STATUS current 1423 DESCRIPTION 1424 "As each rogue station could be detected by multiple monitor APs, each 1425 monitor AP could have some kind of detailed information about 1426 a specific rogue station. 1427 In the hh3cDot11WIDSRogueStaTable table, the detailed 1428 information for a specific rogue station will be summarized from 1429 information in the hh3cDot11WIDSRogueStaExtTable table. 1430 For example, multiple monitor APs could receive RF signal of one rogue 1431 station, and each monitor AP has its maximum signal strength by 1432 itself. The information will be kept as 1433 hh3cDot11DetectMaxStaSigStrength in the hh3cDot11WIDSRogueStaExtTable 1434 table. While only the maximum value among all the 1435 hh3cDot11DetectMaxStaSigStrength for each monitor AP will be 1436 kept in the hh3cDot11WIDSRogueStaTable as 1437 hh3cDot11RogueStaMaxSigStrength." 1438 ::= { hh3cDot11WIDSDetectGroup 4 } 1439 1440hh3cDot11WIDSRogueStaExtEntry OBJECT-TYPE 1441 SYNTAX Hh3cDot11WIDSRogueStaExtEntry 1442 MAX-ACCESS not-accessible 1443 STATUS current 1444 DESCRIPTION 1445 "Each entry contains information of rogue station detected 1446 by each monitor AP." 1447 INDEX 1448 { 1449 hh3cDot11RogueStaMAC, 1450 hh3cDot11WIDSAPID 1451 } 1452 ::= { hh3cDot11WIDSRogueStaExtTable 1 } 1453 1454Hh3cDot11WIDSRogueStaExtEntry ::= SEQUENCE 1455 { 1456 hh3cDot11DetectCurStaSigStrength Integer32, 1457 hh3cDot11DetectStaByChannel Hh3cDot11ChannelScopeType, 1458 hh3cDot11DetectStaByRadioID Hh3cDot11RadioScopeType, 1459 hh3cDot11AttackStaStatus TruthValue, 1460 hh3cDot11DetectStaFirstTm TimeTicks, 1461 hh3cDot11DetectStaLastTm TimeTicks 1462 } 1463 1464hh3cDot11DetectCurStaSigStrength OBJECT-TYPE 1465 SYNTAX Integer32 1466 UNITS "dBm" 1467 MAX-ACCESS read-only 1468 STATUS current 1469 DESCRIPTION 1470 "Represents the current value of signal strength that WIDS monitor 1471 AP received from the rogue station." 1472 ::= { hh3cDot11WIDSRogueStaExtEntry 1 } 1473 1474hh3cDot11DetectStaByChannel OBJECT-TYPE 1475 SYNTAX Hh3cDot11ChannelScopeType 1476 MAX-ACCESS read-only 1477 STATUS current 1478 DESCRIPTION 1479 "Represents on which radio channel the maximal signal strength 1480 was received." 1481 ::= { hh3cDot11WIDSRogueStaExtEntry 2 } 1482 1483hh3cDot11DetectStaByRadioID OBJECT-TYPE 1484 SYNTAX Hh3cDot11RadioScopeType 1485 MAX-ACCESS read-only 1486 STATUS current 1487 DESCRIPTION 1488 "Represents which radio on the monitor AP has detected the 1489 rogue station." 1490 ::= { hh3cDot11WIDSRogueStaExtEntry 3 } 1491 1492hh3cDot11AttackStaStatus OBJECT-TYPE 1493 SYNTAX TruthValue 1494 MAX-ACCESS read-only 1495 STATUS current 1496 DESCRIPTION 1497 "Represents whether monitor AP have taken countermeasure for the 1498 rogue station." 1499 ::= { hh3cDot11WIDSRogueStaExtEntry 4 } 1500 1501hh3cDot11DetectStaFirstTm OBJECT-TYPE 1502 SYNTAX TimeTicks 1503 MAX-ACCESS read-only 1504 STATUS current 1505 DESCRIPTION 1506 "Represents the time that monitor AP detected the rogue station 1507 for the first time." 1508 ::= { hh3cDot11WIDSRogueStaExtEntry 5 } 1509 1510hh3cDot11DetectStaLastTm OBJECT-TYPE 1511 SYNTAX TimeTicks 1512 MAX-ACCESS read-only 1513 STATUS current 1514 DESCRIPTION 1515 "Represents the time that monitor AP detected the rogue station 1516 for the last time." 1517 ::= { hh3cDot11WIDSRogueStaExtEntry 6 } 1518-- ***************************************************************************** 1519-- * end of hh3cDot11WIDSRogueStaExtTable Definition 1520-- ***************************************************************************** 1521 1522-- ***************************************************************************** 1523-- * hh3cDot11WIDSDetectedDevTable Definition 1524-- ***************************************************************************** 1525hh3cDot11WIDSDetectedDevTable OBJECT-TYPE 1526 SYNTAX SEQUENCE OF Hh3cDot11WIDSDetectedDevEntry 1527 MAX-ACCESS not-accessible 1528 STATUS current 1529 DESCRIPTION 1530 "This Table contains information of detected devices." 1531 ::= { hh3cDot11WIDSDetectGroup 5 } 1532 1533hh3cDot11WIDSDetectedDevEntry OBJECT-TYPE 1534 SYNTAX Hh3cDot11WIDSDetectedDevEntry 1535 MAX-ACCESS not-accessible 1536 STATUS current 1537 DESCRIPTION 1538 "Each entry contains information of detected devices." 1539 INDEX 1540 { 1541 hh3cDot11WIDSDevMAC 1542 } 1543 ::= { hh3cDot11WIDSDetectedDevTable 1 } 1544 1545Hh3cDot11WIDSDetectedDevEntry ::= SEQUENCE 1546 { 1547 hh3cDot11WIDSDevMAC MacAddress, 1548 hh3cDot11WIDSDevType Hh3cDot11WIDSDevType, 1549 hh3cDot11WIDSDevPermitType Hh3cDot11WIDSDevPermitType, 1550 hh3cDot11WIDSDevVendor OCTET STRING, 1551 hh3cDot11WIDSDevMonitorNum Integer32, 1552 hh3cDot11WIDSDevSSID OCTET STRING, 1553 hh3cDot11WIDSDevBSSID MacAddress, 1554 hh3cDot11WIDSDevChannel Hh3cDot11ChannelScopeType, 1555 hh3cDot11WIDSDevMaxRSSI Integer32, 1556 hh3cDot11WIDSDevBeaconIntvl Integer32, 1557 hh3cDot11WIDSDevFstDctTime DateAndTime, 1558 hh3cDot11WIDSDevLstDctTime DateAndTime, 1559 hh3cDot11WIDSDevReset TruthValue, 1560 hh3cDot11WIDSDevSnr Integer32 1561 } 1562 1563hh3cDot11WIDSDevMAC OBJECT-TYPE 1564 SYNTAX MacAddress 1565 MAX-ACCESS not-accessible 1566 STATUS current 1567 DESCRIPTION 1568 "Represents MAC address of the device detected." 1569 ::= { hh3cDot11WIDSDetectedDevEntry 1 } 1570 1571hh3cDot11WIDSDevType OBJECT-TYPE 1572 SYNTAX Hh3cDot11WIDSDevType 1573 MAX-ACCESS read-only 1574 STATUS current 1575 DESCRIPTION 1576 "Represents type of the device detected." 1577 ::= { hh3cDot11WIDSDetectedDevEntry 2 } 1578 1579hh3cDot11WIDSDevPermitType OBJECT-TYPE 1580 SYNTAX Hh3cDot11WIDSDevPermitType 1581 MAX-ACCESS read-only 1582 STATUS current 1583 DESCRIPTION 1584 "Represents whether the device detected is a rogue device or not." 1585 ::= { hh3cDot11WIDSDetectedDevEntry 3 } 1586 1587hh3cDot11WIDSDevVendor OBJECT-TYPE 1588 SYNTAX OCTET STRING 1589 MAX-ACCESS read-only 1590 STATUS current 1591 DESCRIPTION 1592 "Represents Vendor of the detected device." 1593 ::= { hh3cDot11WIDSDetectedDevEntry 4 } 1594 1595hh3cDot11WIDSDevMonitorNum OBJECT-TYPE 1596 SYNTAX Integer32 1597 MAX-ACCESS read-only 1598 STATUS current 1599 DESCRIPTION 1600 "Represents the number of active APs that detect the device." 1601 ::= { hh3cDot11WIDSDetectedDevEntry 5 } 1602 1603hh3cDot11WIDSDevSSID OBJECT-TYPE 1604 SYNTAX OCTET STRING 1605 MAX-ACCESS read-only 1606 STATUS current 1607 DESCRIPTION 1608 "Represents the service set identifier for the ESS of the device." 1609 ::= { hh3cDot11WIDSDetectedDevEntry 6 } 1610 1611hh3cDot11WIDSDevBSSID OBJECT-TYPE 1612 SYNTAX MacAddress 1613 MAX-ACCESS read-only 1614 STATUS current 1615 DESCRIPTION 1616 "Represents the basic service set identifier of the detected device." 1617 ::= { hh3cDot11WIDSDetectedDevEntry 7 } 1618 1619hh3cDot11WIDSDevChannel OBJECT-TYPE 1620 SYNTAX Hh3cDot11ChannelScopeType 1621 MAX-ACCESS read-only 1622 STATUS current 1623 DESCRIPTION 1624 "Represents the channel in which the device was last detected." 1625 ::= { hh3cDot11WIDSDetectedDevEntry 8 } 1626 1627hh3cDot11WIDSDevMaxRSSI OBJECT-TYPE 1628 SYNTAX Integer32 1629 UNITS "dbm" 1630 MAX-ACCESS read-only 1631 STATUS current 1632 DESCRIPTION 1633 "Represents the maximum detected RSSI of the device." 1634 ::= { hh3cDot11WIDSDetectedDevEntry 9 } 1635 1636hh3cDot11WIDSDevBeaconIntvl OBJECT-TYPE 1637 SYNTAX Integer32 1638 UNITS "millionsecond" 1639 MAX-ACCESS read-only 1640 STATUS current 1641 DESCRIPTION 1642 "Represents the beacon interval for the detected AP." 1643 ::= { hh3cDot11WIDSDetectedDevEntry 10 } 1644 1645hh3cDot11WIDSDevFstDctTime OBJECT-TYPE 1646 SYNTAX DateAndTime 1647 MAX-ACCESS read-only 1648 STATUS current 1649 DESCRIPTION 1650 "Represents the time at which the device was first detected." 1651 ::= { hh3cDot11WIDSDetectedDevEntry 11 } 1652 1653hh3cDot11WIDSDevLstDctTime OBJECT-TYPE 1654 SYNTAX DateAndTime 1655 MAX-ACCESS read-only 1656 STATUS current 1657 DESCRIPTION 1658 "Represents the time at which the rogue AP was detected last time." 1659 ::= { hh3cDot11WIDSDetectedDevEntry 12 } 1660 1661hh3cDot11WIDSDevReset OBJECT-TYPE 1662 SYNTAX TruthValue 1663 MAX-ACCESS read-write 1664 STATUS current 1665 DESCRIPTION 1666 "This object is used to clears the information of the device detected 1667 in the WLAN. 1668 It will return false for get operation." 1669 ::= { hh3cDot11WIDSDetectedDevEntry 13 } 1670 1671hh3cDot11WIDSDevSnr OBJECT-TYPE 1672 SYNTAX Integer32 1673 UNITS "dB" 1674 MAX-ACCESS read-only 1675 STATUS current 1676 DESCRIPTION 1677 "Represents SNR of the device detected." 1678 ::= { hh3cDot11WIDSDetectedDevEntry 14 } 1679 1680-- ***************************************************************************** 1681-- * end of hh3cDot11WIDSDetectedDevTable Definition 1682-- ***************************************************************************** 1683 1684-- ***************************************************************************** 1685-- * hh3cDot11WIDSRptAPTable Definition 1686-- ***************************************************************************** 1687hh3cDot11WIDSRptAPTable OBJECT-TYPE 1688 SYNTAX SEQUENCE OF Hh3cDot11WIDSRptAPEntry 1689 MAX-ACCESS not-accessible 1690 STATUS current 1691 DESCRIPTION 1692 "This Table contains information of the AP which detected device in the 1693 WLAN." 1694 ::= { hh3cDot11WIDSDetectGroup 6 } 1695 1696hh3cDot11WIDSRptAPEntry OBJECT-TYPE 1697 SYNTAX Hh3cDot11WIDSRptAPEntry 1698 MAX-ACCESS not-accessible 1699 STATUS current 1700 DESCRIPTION 1701 "Each entry contains information of the AP which detected device in the 1702 WLAN." 1703 INDEX 1704 { 1705 hh3cDot11WIDSDevMAC, 1706 hh3cDot11WIDSRptAPMAC 1707 } 1708 ::= { hh3cDot11WIDSRptAPTable 1 } 1709 1710Hh3cDot11WIDSRptAPEntry ::= SEQUENCE 1711 { 1712 hh3cDot11WIDSRptAPMAC MacAddress, 1713 hh3cDot11WIDSRptAPName OCTET STRING, 1714 hh3cDot11WIDSRptAPRadioID Hh3cDot11RadioScopeType, 1715 hh3cDot11WIDSRptAPMaxRSSI Integer32, 1716 hh3cDot11WIDSRptAPFstDctTime DateAndTime, 1717 hh3cDot11WIDSRptAPLstDctTime DateAndTime 1718 } 1719 1720hh3cDot11WIDSRptAPMAC OBJECT-TYPE 1721 SYNTAX MacAddress 1722 MAX-ACCESS not-accessible 1723 STATUS current 1724 DESCRIPTION 1725 "Represents the MAC address of the AP that detected the device." 1726 ::= { hh3cDot11WIDSRptAPEntry 1 } 1727 1728hh3cDot11WIDSRptAPName OBJECT-TYPE 1729 SYNTAX OCTET STRING 1730 MAX-ACCESS read-only 1731 STATUS current 1732 DESCRIPTION 1733 "Represents the name of the AP that detected the device." 1734 ::= { hh3cDot11WIDSRptAPEntry 2 } 1735 1736hh3cDot11WIDSRptAPRadioID OBJECT-TYPE 1737 SYNTAX Hh3cDot11RadioScopeType 1738 MAX-ACCESS read-only 1739 STATUS current 1740 DESCRIPTION 1741 "Represents the radio index of the AP that detected the device." 1742 ::= { hh3cDot11WIDSRptAPEntry 3 } 1743 1744hh3cDot11WIDSRptAPMaxRSSI OBJECT-TYPE 1745 SYNTAX Integer32 1746 MAX-ACCESS read-only 1747 STATUS current 1748 DESCRIPTION 1749 "Represents the maximum detected RSSI of the device." 1750 ::= { hh3cDot11WIDSRptAPEntry 4 } 1751 1752hh3cDot11WIDSRptAPFstDctTime OBJECT-TYPE 1753 SYNTAX DateAndTime 1754 MAX-ACCESS read-only 1755 STATUS current 1756 DESCRIPTION 1757 "Represents the time at which the rogue AP was detected first time." 1758 ::= { hh3cDot11WIDSRptAPEntry 5 } 1759 1760hh3cDot11WIDSRptAPLstDctTime OBJECT-TYPE 1761 SYNTAX DateAndTime 1762 MAX-ACCESS read-only 1763 STATUS current 1764 DESCRIPTION 1765 "Represents the time at which the rogue AP was detected last time." 1766 ::= { hh3cDot11WIDSRptAPEntry 6 } 1767-- ***************************************************************************** 1768-- * end of hh3cDot11WIDSRptAPTable Definition 1769-- ***************************************************************************** 1770 1771-- ***************************************************************************** 1772-- * hh3cDot11DynBlackListTable Definition 1773-- ***************************************************************************** 1774hh3cDot11DynBlackListTable OBJECT-TYPE 1775 SYNTAX SEQUENCE OF Hh3cDot11DynBlackListEntry 1776 MAX-ACCESS not-accessible 1777 STATUS current 1778 DESCRIPTION 1779 "This table contains information of dynamic blacklist entries." 1780 ::= { hh3cDot11WIDSDetectGroup 7 } 1781 1782hh3cDot11DynBlackListEntry OBJECT-TYPE 1783 SYNTAX Hh3cDot11DynBlackListEntry 1784 MAX-ACCESS not-accessible 1785 STATUS current 1786 DESCRIPTION 1787 "Each entry contains information of dynamic blacklist." 1788 INDEX 1789 { 1790 hh3cDot11DynBlackListMAC 1791 } 1792 ::= { hh3cDot11DynBlackListTable 1 } 1793 1794Hh3cDot11DynBlackListEntry ::= SEQUENCE 1795 { 1796 hh3cDot11DynBlackListMAC MacAddress, 1797 hh3cDot11DynBlackListTime Unsigned32, 1798 hh3cDot11DynBlackListReason OCTET STRING, 1799 hh3cDot11DynBlackListReset TruthValue, 1800 hh3cDot11DynBlackListTimeTicks TimeTicks 1801 } 1802 1803hh3cDot11DynBlackListMAC OBJECT-TYPE 1804 SYNTAX MacAddress 1805 MAX-ACCESS not-accessible 1806 STATUS current 1807 DESCRIPTION 1808 "Represents the MAC address of the device inserted into the dynamic 1809 blacklist." 1810 ::= { hh3cDot11DynBlackListEntry 1 } 1811 1812hh3cDot11DynBlackListTime OBJECT-TYPE 1813 SYNTAX Unsigned32 1814 UNITS "second" 1815 MAX-ACCESS read-only 1816 STATUS current 1817 DESCRIPTION 1818 "Represents the time elapsed since the entry was last updated." 1819 ::= { hh3cDot11DynBlackListEntry 2 } 1820 1821hh3cDot11DynBlackListReason OBJECT-TYPE 1822 SYNTAX OCTET STRING 1823 MAX-ACCESS read-only 1824 STATUS current 1825 DESCRIPTION 1826 "Represents the reason why the entry was added into the dynamic 1827 blacklist." 1828 ::= { hh3cDot11DynBlackListEntry 3 } 1829 1830hh3cDot11DynBlackListReset OBJECT-TYPE 1831 SYNTAX TruthValue 1832 MAX-ACCESS read-write 1833 STATUS current 1834 DESCRIPTION 1835 "This object is used to remove designated entry from the dynamic 1836 blacklist. 1837 The value which read from this object always is false." 1838 ::= { hh3cDot11DynBlackListEntry 4 } 1839 1840hh3cDot11DynBlackListTimeTicks OBJECT-TYPE 1841 SYNTAX TimeTicks 1842 MAX-ACCESS read-only 1843 STATUS current 1844 DESCRIPTION 1845 "Represents the time elapsed since the entry was last updated in units TimeTicks." 1846 ::= { hh3cDot11DynBlackListEntry 5 } 1847 1848-- ***************************************************************************** 1849-- * end of hh3cDot11DynBlackListTable Definition 1850-- ***************************************************************************** 1851 1852-- ***************************************************************************** 1853-- * hh3cDot11WIDSRogueHistoryTable Definition 1854-- ***************************************************************************** 1855hh3cDot11WIDSRogueHistoryTable OBJECT-TYPE 1856 SYNTAX SEQUENCE OF Hh3cDot11WIDSRogueHistoryEntry 1857 MAX-ACCESS not-accessible 1858 STATUS current 1859 DESCRIPTION 1860 "This table contains information of all expired rogue devices which 1861 have been deleted from the list of detected rogue devices because 1862 they could not be detected within the device aging duration." 1863 ::= { hh3cDot11WIDSDetectGroup 8 } 1864 1865hh3cDot11WIDSRogueHistoryEntry OBJECT-TYPE 1866 SYNTAX Hh3cDot11WIDSRogueHistoryEntry 1867 MAX-ACCESS not-accessible 1868 STATUS current 1869 DESCRIPTION 1870 "Each entry contains information of an expired rogue device which 1871 has been deleted from the list of detected rogue devices because 1872 they could not be detected within the device aging duration." 1873 INDEX 1874 { 1875 hh3cDot11WIDSRogueHisIndex 1876 } 1877 ::= { hh3cDot11WIDSRogueHistoryTable 1 } 1878 1879Hh3cDot11WIDSRogueHistoryEntry ::= SEQUENCE 1880 { 1881 hh3cDot11WIDSRogueHisIndex Integer32, 1882 hh3cDot11WIDSRogueHisMAC MacAddress, 1883 hh3cDot11WIDSRogueHisVendor OCTET STRING, 1884 hh3cDot11WIDSRogueHisType Hh3cDot11WIDSDevType, 1885 hh3cDot11WIDSRogueHisChl Hh3cDot11ChannelScopeType, 1886 hh3cDot11WIDSRogueHisSSID OCTET STRING, 1887 hh3cDot11WIDSRogueHisLastDctTime DateAndTime 1888 } 1889 1890hh3cDot11WIDSRogueHisIndex OBJECT-TYPE 1891 SYNTAX Integer32 1892 MAX-ACCESS not-accessible 1893 STATUS current 1894 DESCRIPTION 1895 "Represents index of this entry." 1896 ::= { hh3cDot11WIDSRogueHistoryEntry 1 } 1897 1898hh3cDot11WIDSRogueHisMAC OBJECT-TYPE 1899 SYNTAX MacAddress 1900 MAX-ACCESS read-only 1901 STATUS current 1902 DESCRIPTION 1903 "Represents the MAC address of the device." 1904 ::= { hh3cDot11WIDSRogueHistoryEntry 2 } 1905 1906hh3cDot11WIDSRogueHisVendor OBJECT-TYPE 1907 SYNTAX OCTET STRING 1908 MAX-ACCESS read-only 1909 STATUS current 1910 DESCRIPTION 1911 "Represents the vendor for the device." 1912 ::= { hh3cDot11WIDSRogueHistoryEntry 3 } 1913 1914hh3cDot11WIDSRogueHisType OBJECT-TYPE 1915 SYNTAX Hh3cDot11WIDSDevType 1916 MAX-ACCESS read-only 1917 STATUS current 1918 DESCRIPTION 1919 "Represents the type of the device." 1920 ::= { hh3cDot11WIDSRogueHistoryEntry 4 } 1921 1922hh3cDot11WIDSRogueHisChl OBJECT-TYPE 1923 SYNTAX Hh3cDot11ChannelScopeType 1924 MAX-ACCESS read-only 1925 STATUS current 1926 DESCRIPTION 1927 "Represents the channel in which the device was last detected." 1928 ::= { hh3cDot11WIDSRogueHistoryEntry 5 } 1929 1930hh3cDot11WIDSRogueHisSSID OBJECT-TYPE 1931 SYNTAX OCTET STRING 1932 MAX-ACCESS read-only 1933 STATUS current 1934 DESCRIPTION 1935 "Represents the service set identifier for the ESS of the device." 1936 ::= { hh3cDot11WIDSRogueHistoryEntry 6 } 1937 1938hh3cDot11WIDSRogueHisLastDctTime OBJECT-TYPE 1939 SYNTAX DateAndTime 1940 MAX-ACCESS read-only 1941 STATUS current 1942 DESCRIPTION 1943 "Represents the time at which the device was last detected." 1944 ::= { hh3cDot11WIDSRogueHistoryEntry 7 } 1945-- ***************************************************************************** 1946-- * end of hh3cDot11WIDSRogueHistoryTable Definition 1947-- ***************************************************************************** 1948 1949-- ***************************************************************************** 1950-- * hh3cDot11WIDSAtkHistroyTable Definition 1951-- ***************************************************************************** 1952hh3cDot11WIDSAtkHistroyTable OBJECT-TYPE 1953 SYNTAX SEQUENCE OF Hh3cDot11WIDSAtkHistroyEntry 1954 MAX-ACCESS not-accessible 1955 STATUS current 1956 DESCRIPTION 1957 "This table contains information of the history of attacks detected in 1958 the WLAN system." 1959 ::= { hh3cDot11WIDSDetectGroup 9 } 1960 1961hh3cDot11WIDSAtkHistroyEntry OBJECT-TYPE 1962 SYNTAX Hh3cDot11WIDSAtkHistroyEntry 1963 MAX-ACCESS not-accessible 1964 STATUS current 1965 DESCRIPTION 1966 "Each entry contains information of the history of attacks detected in 1967 the WLAN system." 1968 INDEX 1969 { 1970 hh3cDot11WIDSAtkHisIndex 1971 } 1972 ::= { hh3cDot11WIDSAtkHistroyTable 1 } 1973 1974Hh3cDot11WIDSAtkHistroyEntry ::= SEQUENCE 1975 { 1976 hh3cDot11WIDSAtkHisIndex Integer32, 1977 hh3cDot11WIDSAtkHisMAC MacAddress, 1978 hh3cDot11WIDSAtkHisType Hh3cDot11WIDSAtkType, 1979 hh3cDot11WIDSAtkHisChl Hh3cDot11ChannelScopeType, 1980 hh3cDot11WIDSAtkHisRSSI Integer32, 1981 hh3cDot11WIDSAtkHisDctTime DateAndTime, 1982 hh3cDot11WIDSAtkHisAPName OCTET STRING 1983 } 1984 1985hh3cDot11WIDSAtkHisIndex OBJECT-TYPE 1986 SYNTAX Integer32 1987 MAX-ACCESS not-accessible 1988 STATUS current 1989 DESCRIPTION 1990 "Represents index of this entry." 1991 ::= { hh3cDot11WIDSAtkHistroyEntry 1 } 1992 1993hh3cDot11WIDSAtkHisMAC OBJECT-TYPE 1994 SYNTAX MacAddress 1995 MAX-ACCESS read-only 1996 STATUS current 1997 DESCRIPTION 1998 "Represents the Mac address. In case of spoof attacks, this field 1999 provides the BSSID which was spoofed. In case of other attacks, 2000 this field provides the MAC address of the device which initiated 2001 the attack." 2002 ::= { hh3cDot11WIDSAtkHistroyEntry 2 } 2003 2004hh3cDot11WIDSAtkHisType OBJECT-TYPE 2005 SYNTAX Hh3cDot11WIDSAtkType 2006 MAX-ACCESS read-only 2007 STATUS current 2008 DESCRIPTION 2009 "Represents the type of attack." 2010 ::= { hh3cDot11WIDSAtkHistroyEntry 3 } 2011 2012hh3cDot11WIDSAtkHisChl OBJECT-TYPE 2013 SYNTAX Hh3cDot11ChannelScopeType 2014 MAX-ACCESS read-only 2015 STATUS current 2016 DESCRIPTION 2017 "Represents the channel in which the attack was detected." 2018 ::= { hh3cDot11WIDSAtkHistroyEntry 4 } 2019 2020hh3cDot11WIDSAtkHisRSSI OBJECT-TYPE 2021 SYNTAX Integer32 2022 MAX-ACCESS read-only 2023 STATUS current 2024 DESCRIPTION 2025 "Represents the average RSSI of the designated attack." 2026 ::= { hh3cDot11WIDSAtkHistroyEntry 5 } 2027 2028hh3cDot11WIDSAtkHisDctTime OBJECT-TYPE 2029 SYNTAX DateAndTime 2030 MAX-ACCESS read-only 2031 STATUS current 2032 DESCRIPTION 2033 "Represents the time at which this attack was detected." 2034 ::= { hh3cDot11WIDSAtkHistroyEntry 6 } 2035 2036hh3cDot11WIDSAtkHisAPName OBJECT-TYPE 2037 SYNTAX OCTET STRING 2038 MAX-ACCESS read-only 2039 STATUS current 2040 DESCRIPTION 2041 "Represents the name of the AP which detected this attack." 2042 ::= { hh3cDot11WIDSAtkHistroyEntry 7 } 2043-- ***************************************************************************** 2044-- * end of hh3cDot11WIDSAtkHistroyTable Definition 2045-- ***************************************************************************** 2046 2047-- ***************************************************************************** 2048-- * hh3cDot11WIDSAtkStatis Definition 2049-- ***************************************************************************** 2050hh3cDot11WIDSAtkStatis OBJECT IDENTIFIER ::= { hh3cDot11WIDSDetectGroup 10 } 2051 2052hh3cDot11WIDSAtkStasStartTime OBJECT-TYPE 2053 SYNTAX DateAndTime 2054 MAX-ACCESS read-only 2055 STATUS current 2056 DESCRIPTION 2057 "Represents current attack tracking time. It is started at the system 2058 startup and is refreshed each hour subsequently." 2059 ::= { hh3cDot11WIDSAtkStatis 1 } 2060 2061-- ***************************************************************************** 2062-- * hh3cDot11WIDSAtkStasTable Definition 2063-- ***************************************************************************** 2064hh3cDot11WIDSAtkStasTable OBJECT-TYPE 2065 SYNTAX SEQUENCE OF Hh3cDot11WIDSAtkStasEntry 2066 MAX-ACCESS not-accessible 2067 STATUS current 2068 DESCRIPTION 2069 "This table contains information of the counts of attacks detected." 2070 ::= { hh3cDot11WIDSAtkStatis 2 } 2071 2072hh3cDot11WIDSAtkStasEntry OBJECT-TYPE 2073 SYNTAX Hh3cDot11WIDSAtkStasEntry 2074 MAX-ACCESS not-accessible 2075 STATUS current 2076 DESCRIPTION 2077 "Each entry contains information of the counts of attacks detected." 2078 INDEX 2079 { 2080 hh3cDot11WIDSAtkStasType 2081 } 2082 ::= { hh3cDot11WIDSAtkStasTable 1 } 2083 2084Hh3cDot11WIDSAtkStasEntry ::= SEQUENCE 2085 { 2086 hh3cDot11WIDSAtkStasType Hh3cDot11WIDSAtkType, 2087 hh3cDot11WIDSAtkStasCurCnt Unsigned32, 2088 hh3cDot11WIDSAtkStasTotalCnt Unsigned32 2089 } 2090 2091hh3cDot11WIDSAtkStasType OBJECT-TYPE 2092 SYNTAX Hh3cDot11WIDSAtkType 2093 MAX-ACCESS not-accessible 2094 STATUS current 2095 DESCRIPTION 2096 "Represents the type of attack." 2097 ::= { hh3cDot11WIDSAtkStasEntry 1 } 2098 2099hh3cDot11WIDSAtkStasCurCnt OBJECT-TYPE 2100 SYNTAX Unsigned32 2101 MAX-ACCESS read-only 2102 STATUS current 2103 DESCRIPTION 2104 "Represents the count of attacks detected since the time 2105 specified by the current attack tracking time. The current 2106 attack tracking time is started at the system startup and 2107 is refreshed each hour subsequently." 2108 ::= { hh3cDot11WIDSAtkStasEntry 2 } 2109 2110hh3cDot11WIDSAtkStasTotalCnt OBJECT-TYPE 2111 SYNTAX Unsigned32 2112 MAX-ACCESS read-only 2113 STATUS current 2114 DESCRIPTION 2115 "Represents the total count of the attacks detected since 2116 the system startup." 2117 ::= { hh3cDot11WIDSAtkStasEntry 3 } 2118-- ***************************************************************************** 2119-- * end of hh3cDot11WIDSAtkStasTable Definition 2120-- ***************************************************************************** 2121 2122-- ***************************************************************************** 2123-- * hh3cDot11BlackListTable Definition 2124-- ***************************************************************************** 2125hh3cDot11BlackListTable OBJECT-TYPE 2126 SYNTAX SEQUENCE OF Hh3cDot11BlackListEntry 2127 MAX-ACCESS not-accessible 2128 STATUS current 2129 DESCRIPTION 2130 "This table contains information of blacklist entries, including 2131 dynamic and static." 2132 ::= { hh3cDot11WIDSDetectGroup 11 } 2133 2134hh3cDot11BlackListEntry OBJECT-TYPE 2135 SYNTAX Hh3cDot11BlackListEntry 2136 MAX-ACCESS not-accessible 2137 STATUS current 2138 DESCRIPTION 2139 "Each entry contains information of blacklist." 2140 INDEX 2141 { 2142 hh3cDot11BlackListMAC 2143 } 2144 ::= { hh3cDot11BlackListTable 1 } 2145 2146Hh3cDot11BlackListEntry ::= SEQUENCE 2147 { 2148 hh3cDot11BlackListMAC MacAddress, 2149 hh3cDot11BlackListTime Unsigned32, 2150 hh3cDot11BlackListReason OCTET STRING, 2151 hh3cDot11BlackListRowStatus RowStatus, 2152 hh3cDot11BlackListTimeTicks TimeTicks 2153 } 2154 2155hh3cDot11BlackListMAC OBJECT-TYPE 2156 SYNTAX MacAddress 2157 MAX-ACCESS not-accessible 2158 STATUS current 2159 DESCRIPTION 2160 "This object represents the MAC address of the device inserted into 2161 the table." 2162 ::= { hh3cDot11BlackListEntry 1 } 2163 2164hh3cDot11BlackListTime OBJECT-TYPE 2165 SYNTAX Unsigned32 2166 UNITS "minutes" 2167 MAX-ACCESS read-only 2168 STATUS current 2169 DESCRIPTION 2170 "Represents the time elapsed since the entry was last updated. 2171 If it is static blacklist, the value is always 0." 2172 ::= { hh3cDot11BlackListEntry 2 } 2173 2174hh3cDot11BlackListReason OBJECT-TYPE 2175 SYNTAX OCTET STRING 2176 MAX-ACCESS read-only 2177 STATUS current 2178 DESCRIPTION 2179 "Represents the reason why the entry was added into the blacklist." 2180 ::= { hh3cDot11BlackListEntry 3 } 2181 2182hh3cDot11BlackListRowStatus OBJECT-TYPE 2183 SYNTAX RowStatus 2184 MAX-ACCESS read-create 2185 STATUS current 2186 DESCRIPTION 2187 "This object represents the status of this table entry." 2188 ::= { hh3cDot11BlackListEntry 4 } 2189 2190hh3cDot11BlackListTimeTicks OBJECT-TYPE 2191 SYNTAX TimeTicks 2192 MAX-ACCESS read-only 2193 STATUS current 2194 DESCRIPTION 2195 "Represents the time elapsed since the entry was last updated in timetick. 2196 If it is static blacklist, the value is always 0." 2197 ::= { hh3cDot11BlackListEntry 5 } 2198-- ***************************************************************************** 2199-- * end of hh3cDot11BlackListTable Definition 2200-- ***************************************************************************** 2201 2202 2203-- ***************************************************************************** 2204-- * end of hh3cDot11WIDSAtkStatis Definition 2205-- ***************************************************************************** 2206 2207-- ***************************************************************************** 2208-- * Notifications OF hh3cDot11WIDSNotifyGroup 2209-- ***************************************************************************** 2210-- WIDS Notification 2211 hh3cDot11WIDSTraps OBJECT IDENTIFIER 2212 ::= { hh3cDot11WIDSNotifyGroup 1 } 2213 2214hh3cDot11WIDSDetectRogueTrap NOTIFICATION-TYPE 2215 OBJECTS 2216 { 2217 hh3cDot11WIDSRogueMAC, 2218 hh3cDot11WIDSRogueType, 2219 hh3cDot11WIDSMonitorMAC, 2220 hh3cDot11MonitorAPID, 2221 hh3cDot11MonitorApRadioID 2222 } 2223 STATUS current 2224 DESCRIPTION 2225 "The notification represents that a rogue AP or a station was 2226 detected by WIDS. 2227 The NMS would refer to MIB table under hh3cDot11WIDSDetectGroup 2228 group to get more detailed information." 2229 ::= { hh3cDot11WIDSTraps 1 } 2230 2231hh3cDot11WIDSAdHocTrap NOTIFICATION-TYPE 2232 OBJECTS 2233 { 2234 hh3cDot11WIDSAdHocMAC, 2235 hh3cDot11WIDSMonitorMAC 2236 } 2237 STATUS current 2238 DESCRIPTION 2239 "The notification represents a rogue Ad hoc station was detected." 2240 ::= { hh3cDot11WIDSTraps 2 } 2241 2242hh3cDot11WIDSUnauthorSSIDTrap NOTIFICATION-TYPE 2243 OBJECTS 2244 { 2245 hh3cDot11UnauthorSSIDName, 2246 hh3cDot11WIDSMonitorMAC, 2247 hh3cDot11MonitorAPID, 2248 hh3cDot11MonitorApRadioID 2249 } 2250 STATUS current 2251 DESCRIPTION 2252 "The notification represents which unauthorized SSID are 2253 accessed in the network. 2254 The notification will be sent to NMS when an 2255 unauthorized SSID is detected on the network for the 2256 first time." 2257 ::= { hh3cDot11WIDSTraps 3 } 2258 2259hh3cDot11WIDSDisappearRogueTrap NOTIFICATION-TYPE 2260 OBJECTS 2261 { 2262 hh3cDot11WIDSRogueMAC 2263 } 2264 STATUS current 2265 DESCRIPTION 2266 "The notification represents that a rogue device has aged out 2267 and moved to history table or the device type has been changed 2268 to friendly. 2269 The notification will be sent to NMS whenever a rogue disappears." 2270 ::= { hh3cDot11WIDSTraps 4 } 2271 2272hh3cDot11WIDSDetectAttack NOTIFICATION-TYPE 2273 OBJECTS 2274 { 2275 hh3cDot11WIDSAtkHisType, 2276 hh3cDot11WIDSAtkHisChl, 2277 hh3cDot11WIDSAtkHisDctTime, 2278 hh3cDot11WIDSAtkHisAPName 2279 } 2280 STATUS current 2281 DESCRIPTION 2282 "This notification occurs when some type of attack is detected. 2283 " 2284 ::= { hh3cDot11WIDSTraps 5 } 2285 2286hh3cDot11WIDSDetectWBridge NOTIFICATION-TYPE 2287 OBJECTS 2288 { 2289 hh3cDot11WIDSRptAPName, 2290 hh3cDot11WIDSRptAPRadioID, 2291 hh3cDot11WIDSRptAPLstDctTime 2292 } 2293 STATUS current 2294 DESCRIPTION 2295 "This notification occurs whenever a detected device is classified 2296 as rogue wireless-bridge. 2297 " 2298 ::= { hh3cDot11WIDSTraps 6 } 2299 2300hh3cDot11WIDSFloodTrap NOTIFICATION-TYPE 2301 OBJECTS 2302 { 2303 hh3cDot11WIDSAtkMac, 2304 hh3cDot11WIDSAtkFrameType, 2305 hh3cDot11WIDSFirstTrapTime 2306 } 2307 STATUS current 2308 DESCRIPTION 2309 "This notification occurs when flood attack is detected. 2310 " 2311 ::= { hh3cDot11WIDSTraps 7 } 2312 2313hh3cDot11WIDSSpoofTrap NOTIFICATION-TYPE 2314 OBJECTS 2315 { 2316 hh3cDot11WIDSAtkMac, 2317 hh3cDot11WIDSAtkFrameType, 2318 hh3cDot11WIDSAtkChannel, 2319 hh3cDot11WIDSAtkTime, 2320 hh3cDot11WIDSAtkDestMac, 2321 hh3cDot11WIDSFirstTrapTime 2322 } 2323 STATUS current 2324 DESCRIPTION 2325 "This notification occurs when spoof attack is detected. 2326 " 2327 ::= { hh3cDot11WIDSTraps 8 } 2328 2329hh3cDot11WIDSWeakIVTrap NOTIFICATION-TYPE 2330 OBJECTS 2331 { 2332 hh3cDot11WIDSAtkMac, 2333 hh3cDot11WIDSAtkChannel, 2334 hh3cDot11WIDSAtkTime, 2335 hh3cDot11WIDSAtkDestMac, 2336 hh3cDot11WIDSFirstTrapTime 2337 } 2338 STATUS current 2339 DESCRIPTION 2340 "This notification occurs when weak IV attack is detected. 2341 " 2342 ::= { hh3cDot11WIDSTraps 9 } 2343 2344-- WIDS Notification variable object 2345 2346 hh3cDot11WIDSTrapVarObjects OBJECT IDENTIFIER 2347 ::= { hh3cDot11WIDSNotifyGroup 2 } 2348 2349hh3cDot11WIDSRogueMAC OBJECT-TYPE 2350 SYNTAX MacAddress 2351 MAX-ACCESS accessible-for-notify 2352 STATUS current 2353 DESCRIPTION 2354 "Represents which rogue AP or station." 2355 ::= { hh3cDot11WIDSTrapVarObjects 1 } 2356 2357hh3cDot11WIDSRogueType OBJECT-TYPE 2358 SYNTAX INTEGER 2359 { 2360 rogueAp(1), 2361 rogueStation(2) 2362 } 2363 MAX-ACCESS accessible-for-notify 2364 STATUS current 2365 DESCRIPTION 2366 "Represents the rogue type. 2367 The following value are supported 2368 rogueAp(1) - A rogue AP 2369 rogueStation(2) - A rogue Station" 2370 ::= { hh3cDot11WIDSTrapVarObjects 2 } 2371 2372hh3cDot11WIDSMonitorMAC OBJECT-TYPE 2373 SYNTAX MacAddress 2374 MAX-ACCESS accessible-for-notify 2375 STATUS current 2376 DESCRIPTION 2377 "Represents which monitor detected the rogue AP or station." 2378 ::= { hh3cDot11WIDSTrapVarObjects 3 } 2379 2380hh3cDot11WIDSAdHocMAC OBJECT-TYPE 2381 SYNTAX MacAddress 2382 MAX-ACCESS accessible-for-notify 2383 STATUS current 2384 DESCRIPTION 2385 "Represents the MAC address of Ad hoc station." 2386 ::= { hh3cDot11WIDSTrapVarObjects 4 } 2387 2388hh3cDot11UnauthorSSIDName OBJECT-TYPE 2389 SYNTAX Hh3cDot11SSIDStringType 2390 MAX-ACCESS accessible-for-notify 2391 STATUS current 2392 DESCRIPTION 2393 "Represents an unauthorized SSID." 2394 ::= { hh3cDot11WIDSTrapVarObjects 5 } 2395 2396hh3cDot11MonitorAPID OBJECT-TYPE 2397 SYNTAX Hh3cDot11ObjectIDType 2398 MAX-ACCESS accessible-for-notify 2399 STATUS current 2400 DESCRIPTION 2401 "Represents monitor AP's APID." 2402 ::= { hh3cDot11WIDSTrapVarObjects 6 } 2403 2404hh3cDot11MonitorApRadioID OBJECT-TYPE 2405 SYNTAX Hh3cDot11RadioScopeType 2406 MAX-ACCESS accessible-for-notify 2407 STATUS current 2408 DESCRIPTION 2409 "Represents monitor AP's radio ID" 2410 ::= { hh3cDot11WIDSTrapVarObjects 7 } 2411 2412hh3cDot11WIDSAtkMac OBJECT-TYPE 2413 SYNTAX MacAddress 2414 MAX-ACCESS accessible-for-notify 2415 STATUS current 2416 DESCRIPTION 2417 "Represents mac address of attack source." 2418 ::= { hh3cDot11WIDSTrapVarObjects 8 } 2419 2420hh3cDot11WIDSAtkFrameType OBJECT-TYPE 2421 SYNTAX OCTET STRING 2422 MAX-ACCESS accessible-for-notify 2423 STATUS current 2424 DESCRIPTION 2425 "Represents attack frame type." 2426 ::= { hh3cDot11WIDSTrapVarObjects 9 } 2427 2428hh3cDot11WIDSAtkChannel OBJECT-TYPE 2429 SYNTAX Hh3cDot11ChannelScopeType 2430 MAX-ACCESS accessible-for-notify 2431 STATUS current 2432 DESCRIPTION 2433 "Represents attack channel." 2434 ::= { hh3cDot11WIDSTrapVarObjects 10 } 2435 2436hh3cDot11WIDSAtkTime OBJECT-TYPE 2437 SYNTAX OCTET STRING 2438 MAX-ACCESS accessible-for-notify 2439 STATUS current 2440 DESCRIPTION 2441 "Represents when attacking happened." 2442 ::= { hh3cDot11WIDSTrapVarObjects 11 } 2443 2444hh3cDot11WIDSAtkDestMac OBJECT-TYPE 2445 SYNTAX MacAddress 2446 MAX-ACCESS accessible-for-notify 2447 STATUS current 2448 DESCRIPTION 2449 "Represents mac address of attack destination." 2450 ::= { hh3cDot11WIDSTrapVarObjects 12 } 2451 2452hh3cDot11WIDSFirstTrapTime OBJECT-TYPE 2453 SYNTAX TimeTicks 2454 MAX-ACCESS accessible-for-notify 2455 STATUS current 2456 DESCRIPTION 2457 "Represents the first trap time." 2458 ::= { hh3cDot11WIDSTrapVarObjects 13 } 2459-- ***************************************************************************** 2460-- * End OF hh3cDot11WIDSNotifyGroup 2461-- ***************************************************************************** 2462END 2463