-
Notifications
You must be signed in to change notification settings - Fork 124
/
Copy pathCISCO-WDS-IDS-MIB-V1SMI.my
309 lines (286 loc) · 10.9 KB
/
CISCO-WDS-IDS-MIB-V1SMI.my
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
-- MIB file created 09-Apr-2005 02:01:26, by
-- SMICng version 2.2.11-beta(PRO)(Solaris), January 20, 2001. Enterprise key cisco.com
CISCO-WDS-IDS-MIB DEFINITIONS ::= BEGIN
-- From file: "CISCO-WDS-IDS-MIB.my"
-- Compile options "4 7 F H N O W 03 06 0B 0G 0N 0T"
IMPORTS
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
MacAddress, TimeStamp
FROM SNMPv2-TC-v1
ciscoMgmt
FROM CISCO-SMI
Gauge
FROM RFC1155-SMI
OBJECT-TYPE
FROM RFC-1212;
ciscoWdsIdsMIB OBJECT IDENTIFIER ::= { ciscoMgmt 457 }
-- MODULE-IDENTITY
-- LastUpdated
-- 200410170000Z
-- OrgName
-- Cisco Systems Inc.
-- ContactInfo
-- Cisco Systems,
-- Customer Service
-- Postal: 170 West Tasman Drive
-- San Jose, CA 95134
-- USA
-- Tel: +1 800 553-NETS
--
-- E-mail: [email protected]
-- Descr
-- This MIB is intended to be implemented on all
-- IOS based network entities that provide Wireless
-- Domain Services, for the purpose of providing network
-- management stations information about the various
-- attempts to compromise the security in the
-- 802.11-based wireless networks. Entities that can be
-- configured to provide Wireless Domain Services
-- could be an 802.11 Access Point, a Switch or any
-- other IOS network device, that allows the WDS
-- configuration.
--
-- The MIB reports the information about the MAC
-- spoofing attempts made by wireless clients to
-- compromise the security of the network.
--
-- MAC Spoofing is detected by the WDS when clients
-- attempt to authenticate with the WDS using the MAC
-- address of another client while roaming from one
-- AP to another. Upon detecting this, the WDS
-- provides the information about the client and the
-- username to the NMS as MIB objects.
--
-- The hierarchy of the WDS, AP and MNs is as follows.
--
-- +=====+ +=====+ +=====+
-- | | | | | |
-- | WDS | | WDS | | WDS |
-- | | | | | |
-- +=====+ +=====+ +=====+
-- / \ \ \
-- / \ \ \
-- / \ \ \
-- / \ \ \
-- / \ \ \
-- \/ \/ \/ \/
-- +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
-- + + + + + + + +
-- + AP + + AP + + AP + + AP +
-- + + + + + + + +
-- +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
-- .. . . .
-- .. . . .
-- . . . . .
-- . . . . .
-- . . . . .
-- . . . . .
-- \/ \/ \/ \/ \/
-- +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+
-- + + + + + + + + + +
-- + MN + + MN + + MN + + MN + + MN +
-- + + + + + + + + + +
-- +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+
--
--
-- The WDS include authentication and registration
-- services for the APs. An AP provides Proxy
-- Authentication and registration services for the
-- MNs.
--
-- The wireless connections are represented as dotted
-- lines in the above diagram.
--
-- GLOSSARY
--
-- Access Point ( AP )
--
-- An entity that contains an 802.11 medium access
-- control ( MAC ) and physical layer ( PHY ) interface
-- and provides access to the distribution services via
-- the wireless medium for associated clients.
--
--
-- Mobile Node ( MN )
--
-- A roaming 802.11 wireless device in a wireless
-- network associated with an access point.
--
--
-- Wireless Domain Services (WDS)
--
-- The set of services being offered at a particular
-- broadcast domain that may be an IP subnet or a
-- particular VLAN, or across the L3 cloud. The
-- services include the following.
--
-- 1. MN security credential caching to provide
-- seamless, secure intra-subnet roaming.
--
-- 2. Authenticated context transfer for roaming
-- client within the subnet.
--
-- Context
--
-- The mobility context for an MN includes its current
-- mobility bindings with the APs, IP/802 address
-- bindings, cached configuration parameters, QoS state,
-- IP group membership, authentication state, accounting
-- statistics, and other dynamically derived protocol
-- state information.
-- RevDate
-- 200410170000Z
-- RevDescr
-- Initial version of this MIB module.
ciscoWdsIdsMIBObjects OBJECT IDENTIFIER ::= { ciscoWdsIdsMIB 1 }
ciscoWdsIdsMacSpoofing OBJECT IDENTIFIER ::= { ciscoWdsIdsMIBObjects 1 }
ciscoWdsIdsMIBConform OBJECT IDENTIFIER ::= { ciscoWdsIdsMIB 2 }
ciscoWdsIdsMIBCompliances OBJECT IDENTIFIER ::= { ciscoWdsIdsMIBConform 1 }
ciscoWdsIdsMIBGroups OBJECT IDENTIFIER ::= { ciscoWdsIdsMIBConform 2 }
ciscoWdsIdsMaxMacAddresses OBJECT-TYPE
SYNTAX INTEGER(1..2147483647)
ACCESS read-write
STATUS mandatory
DESCRIPTION
"This object indicates the maximum number of
different MAC addresses for which spoofing events
are held in this table. "
::= { ciscoWdsIdsMacSpoofing 1 }
ciscoWdsIdsMaxEntriesPerMac OBJECT-TYPE
SYNTAX INTEGER(1..2147483647)
ACCESS read-write
STATUS mandatory
DESCRIPTION
"This object indicates the maximum number of entries
that can be held for a particular MAC address
indicated by the object
ciscoWdsIdsMacSpoofStaMacAddress. "
::= { ciscoWdsIdsMacSpoofing 2 }
ciscoWdsIdsMacSpoofTable OBJECT-TYPE
SYNTAX SEQUENCE OF CiscoWdsIdsMacSpoofEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"This table gives the information about the MAC
spoofing attacks detected by the network entity
offering WDS.
An entry in this table is created by the agent when
the WDS detects a MAC spoofing attack.
The agent at anytime will retain only the most
recent and maximum number of entries possible
for a particular MAC. The older entries are
purged automatically when the number of entries
for a particular MAC reaches its maximum.
Thus, there can be a maximum of those many
different MAC addresses indicated by
ciscoWdsIdsMaxMacAddresses and for each MAC
address, the maximum number of entries is
indicated by the value of the MIB object
ciscoWdsIdsMaxEntriesPerMac.
MAC spoofing is detected only by the network entity
serving as the active WDS and hence this table
is populated only by the active WDS as indicated
by the values 'wds' and 'active' for the MIB objects
cDot11csServiceType and cDot11csWdsInstanceState
respectively. If cDot11csServiceType equals 'none'
indicating that WDS is not configured in this
station, or cDot11csWdsInstanceState not equals
'active' indicating that this entity is not the
currently active WDS, a 'noSuchInstance' error
is returned for the queries to the objects of this
table. "
::= { ciscoWdsIdsMacSpoofing 3 }
ciscoWdsIdsMacSpoofEntry OBJECT-TYPE
SYNTAX CiscoWdsIdsMacSpoofEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"An entry holds the information about one instance of
MAC spoofing attack detected on the radio interface
of the AP identified by
ciscoWdsIdsMacSpoofStaMacAddress. "
INDEX { ciscoWdsIdsMacSpoofStaMacAddress, ciscoWdsIdsMacSpoofIndex }
::= { ciscoWdsIdsMacSpoofTable 1 }
CiscoWdsIdsMacSpoofEntry ::= SEQUENCE {
ciscoWdsIdsMacSpoofStaMacAddress MacAddress,
ciscoWdsIdsMacSpoofIndex Gauge,
ciscoWdsIdsMacSpoofClient MacAddress,
ciscoWdsIdsMacSpoofUserId SnmpAdminString,
ciscoWdsIdsMacSpoofDetectTime TimeStamp
}
ciscoWdsIdsMacSpoofStaMacAddress OBJECT-TYPE
SYNTAX MacAddress
-- Rsyntax OCTET STRING(SIZE(6))
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"This object identifies the radio interface of the
802.11 station, that has forwarded the
authentication request of the client with the
spoofed MAC address indicated by
ciscoWdsIdsMacSpoofClient, to the WDS. "
::= { ciscoWdsIdsMacSpoofEntry 1 }
ciscoWdsIdsMacSpoofIndex OBJECT-TYPE
SYNTAX Gauge
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"This object identifies the set of information about
one instance of a MAC spoofing attack detected by
the WDS. The radio interface of the 802.11 station
that has forwarded the authentication request is
identified by ciscoWdsIdsMacSpoofStaMacAddress. "
::= { ciscoWdsIdsMacSpoofEntry 2 }
ciscoWdsIdsMacSpoofClient OBJECT-TYPE
SYNTAX MacAddress
-- Rsyntax OCTET STRING(SIZE(6))
ACCESS read-only
STATUS mandatory
DESCRIPTION
"This object indicates the MAC address that
has been spoofed. "
::= { ciscoWdsIdsMacSpoofEntry 3 }
ciscoWdsIdsMacSpoofUserId OBJECT-TYPE
SYNTAX SnmpAdminString(SIZE(1..253))
-- Rsyntax OCTET STRING(SIZE(1..253))
ACCESS read-only
STATUS mandatory
DESCRIPTION
"This object indicates the userId used by the
wireless client when attempting the MAC spoofing
attack. "
::= { ciscoWdsIdsMacSpoofEntry 4 }
ciscoWdsIdsMacSpoofDetectTime OBJECT-TYPE
SYNTAX TimeStamp
-- Rsyntax TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"This object indicates the time at which this MAC
spoofing attempt is detected by the WDS. "
::= { ciscoWdsIdsMacSpoofEntry 5 }
ciscoWdsIdsMacSpoofingGroup OBJECT IDENTIFIER ::= { ciscoWdsIdsMIBGroups 1 }
-- OBJECT-GROUP
-- Status
-- mandatory
-- Descr
-- This collection of objects provide the information
-- about the various attempts to spoof the MAC addresses
-- of valid wireless clients in the network.
-- objects
-- ciscoWdsIdsMaxMacAddresses, ciscoWdsIdsMaxEntriesPerMac,
-- ciscoWdsIdsMacSpoofClient, ciscoWdsIdsMacSpoofUserId,
-- ciscoWdsIdsMacSpoofDetectTime
ciscoWdsIdsMIBCompliance OBJECT IDENTIFIER ::= { ciscoWdsIdsMIBCompliances 1 }
-- MODULE-COMPLIANCE
-- Status
-- mandatory
-- Descr
-- The compliance statement for the SNMP entities that
-- implement the ciscoWdsIdsMIB module.
-- Module
-- >>current<<
-- MandGroup
-- ciscoWdsIdsMacSpoofingGroup
END