mibs/CISCOSB-SECURITY-SUITE

CISCOSB-SECURITY-SUITE DEFINITIONS ::= BEGIN

-- Version:    7.42_00
-- Date:       24 JAN 2006


IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,Counter32,
    Gauge32, Unsigned32, IpAddress, TimeTicks   FROM SNMPv2-SMI
    InterfaceIndexOrZero, InterfaceIndex        FROM IF-MIB
    TEXTUAL-CONVENTION,TruthValue, RowStatus,
    RowPointer, DisplayString                   FROM SNMPv2-TC
    Percents,switch001                               FROM CISCOSB-MIB
    PortList                                    FROM Q-BRIDGE-MIB;


rlSecuritySuiteMib MODULE-IDENTITY
        LAST-UPDATED "200604080000Z"
		ORGANIZATION "Cisco Small Business"

		CONTACT-INFO
		"Postal: 170 West Tasman Drive
		San Jose , CA 95134-1706
		USA

		Website: Cisco Small Business Home http://www.cisco.com/smb>;,
		Cisco Small Business Support Community <http://www.cisco.com/go/smallbizsupport>"

        DESCRIPTION
                "The private MIB module definition for blocking attacks
                such as DoS(=Denial Of Service), SYN and well known viruses Attacks
                in CISCOSB devices."
        REVISION "200601090000Z"
        DESCRIPTION
                "Add per port dos attack table suport
                rlSecuritySuiteDenyTypesTable ,rlSecuritySuiteDoSSynAttackTable."
        ::= { switch001  120}

RlsecuritySuiteGlobalEnableType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Specifies the operating modes of the security-suite"
    SYNTAX INTEGER {
        enable-global-rules-only(1),
        enable-all-rules-types(2),
        disable(3)
    }

RlSecuritySuiteKnownDosAttackType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Specifies well-known DoS attack"
    SYNTAX INTEGER {
        stacheldraht(1),
        invasor-Trojan(2),
        back-orifice-Trojan(3)
    }

RlSecuritySuiteKnownDosAttackProtocolType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Specifies protocol type of the well-known DoS attack"
    SYNTAX INTEGER {
        tcp(1),
        upd(2)
    }

RlSecuritySuiteAllMartianEntryType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Specifies Martian-address origin: pre-defined (reserved) or statically configured"
    SYNTAX INTEGER {
        reserved(1),
        static(2)
    }

RlSecuritySuiteDenyAttackType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Specifies the deny attack types"
    SYNTAX INTEGER {
        syn(1),
        icmp-echo-request(2),
        fragmented(3)
    }

rlSecuritySuiteGlobalEnable OBJECT-TYPE
 SYNTAX     RlsecuritySuiteGlobalEnableType
 MAX-ACCESS read-write
 STATUS     current
 DESCRIPTION
     "This scalar globally enables/disables the DoS attack Suite. "
    ::= { rlSecuritySuiteMib 1 }

rlSecuritySuiteKnownDoSAttacksTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RlSecuritySuiteKnownDoSAttacksEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table enables/disable well-know DoS attacks,
        applied globally to all ifIndexes."
    ::= { rlSecuritySuiteMib 2 }

rlSecuritySuiteKnownDoSAttacksEntry OBJECT-TYPE
    SYNTAX     RlSecuritySuiteKnownDoSAttacksEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
   "Each entry in this table describes one well known DoS attack address"
    INDEX { rlSecuritySuiteKnownDoSAttack}
    ::= { rlSecuritySuiteKnownDoSAttacksTable 1 }

RlSecuritySuiteKnownDoSAttacksEntry::= SEQUENCE {
    rlSecuritySuiteKnownDoSAttack          RlSecuritySuiteKnownDosAttackType,
    rlSecuritySuiteKnownDoSAttackEnable    TruthValue
    }

rlSecuritySuiteKnownDoSAttack OBJECT-TYPE
    SYNTAX     RlSecuritySuiteKnownDosAttackType
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "A well-known DoS attack to enable"
    ::= { rlSecuritySuiteKnownDoSAttacksEntry 1 }

rlSecuritySuiteKnownDoSAttackEnable OBJECT-TYPE
    SYNTAX     TruthValue
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
        "Enable/Disable a well-known DoS attack "
    ::= { rlSecuritySuiteKnownDoSAttacksEntry 2 }

rlSecuritySuiteKnownDoSAttacksDetailsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RlSecuritySuiteKnownDoSAttacksDetailsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This read-only table used to present the detailed attributes
        of each well-known DoS attack. Used for presentation propose only."
    ::= { rlSecuritySuiteMib 3 }

rlSecuritySuiteKnownDoSAttacksDetailsEntry OBJECT-TYPE
    SYNTAX     RlSecuritySuiteKnownDoSAttacksDetailsEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
   "Each entry in this table describes one well known DoS attack address ,"
    INDEX { rlSecuritySuiteKnownDoSAttack}
    ::= { rlSecuritySuiteKnownDoSAttacksDetailsTable 1 }

RlSecuritySuiteKnownDoSAttacksDetailsEntry::= SEQUENCE {
    rlSecuritySuiteKnownDoSAttackProtocl           RlSecuritySuiteKnownDosAttackProtocolType,
    rlSecuritySuiteKnownDoSAttackSrcTcpUdpPort     INTEGER,
    rlSecuritySuiteKnownDoSAttackDestTcpUdpPort    INTEGER
    }
rlSecuritySuiteKnownDoSAttackProtocl OBJECT-TYPE
    SYNTAX     RlSecuritySuiteKnownDosAttackProtocolType
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "Specifies the protocol type of the relevant well-known attack"
    ::= { rlSecuritySuiteKnownDoSAttacksDetailsEntry 1 }

rlSecuritySuiteKnownDoSAttackSrcTcpUdpPort OBJECT-TYPE
    SYNTAX     INTEGER
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "Specifies the source tcp/udp port of the relevant well-known attack"
    ::= { rlSecuritySuiteKnownDoSAttacksDetailsEntry 2 }

rlSecuritySuiteKnownDoSAttackDestTcpUdpPort OBJECT-TYPE
    SYNTAX     INTEGER
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "Specifies the destination tcp/udp port of the relevant well-known attack"
    ::= { rlSecuritySuiteKnownDoSAttacksDetailsEntry 3 }

rlSecuritySuiteReservedMartianAddresses OBJECT-TYPE
   SYNTAX     TruthValue
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
     "This scalar globally enables/disables discarding of the IP
     well-known addresses described below:
    -------------------------------------------------------------------------------
    |  Address block               |  Present use
    |-------------------------------------------------------------------------------
    |0.0.0.0/8                     |  Addresses in this block refer to source hosts
    |(except 0.0.0.0/32            |  on 'this' network.
    | as source address)           |
    |------------------------------------------------------------------------------
    |127.0.0.0/8                   | This block is assigned for use as the Internet host loop-back address.
    |-----------------------------------------------------------------------------------------------------
    |192.0.2.0/24                  | This block is assigned as 'TEST-NET'
    |                              | for use in documentation and example code.
    |---------------------------------------------------------------------------
    |224.0.0.0/4 as source.        | This block, formerly known as the Class D address space,
    |                              | is allocated for use in IPv4 multicast address assignments.
    |-------------------------------------------------------------------------------------------
    |240.0.0.0/4                   |
    |(except 255.255.255.255/32    | This block, formerly known as the Class E address space, is reserved.
    | as destination address)      |
    |-------------------------------------------------------------------------------------------------------
   "
    ::= { rlSecuritySuiteMib 4 }

rlSecuritySuiteMartianAddrAllTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RlSecuritySuiteMartianAddrAllEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This read-only table specifies all current configured Martian addresses -
        both pre-defined (=reserved) and used-configured (=static) addresses"
    ::= { rlSecuritySuiteMib 5 }

rlSecuritySuiteMartianAddrAllEntry OBJECT-TYPE
    SYNTAX     RlSecuritySuiteMartianAddrAllEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
   "Each entry in this table describes one Martian address ,
   packets with this address as IP source or IP destination, are discarded."
    INDEX { rlSecuritySuiteMartianAddr,rlSecuritySuiteMartianAddrNetMask}
    ::= { rlSecuritySuiteMartianAddrAllTable 1 }

RlSecuritySuiteMartianAddrAllEntry::= SEQUENCE {
    rlSecuritySuiteMartianAddr                  IpAddress,
    rlSecuritySuiteMartianAddrNetMask           IpAddress,
    rlSecuritySuiteAllMartianEntryType          RlSecuritySuiteAllMartianEntryType
    }
rlSecuritySuiteMartianAddr OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "An IP address to discard all packets with that address as source
        or destination"
    ::= { rlSecuritySuiteMartianAddrAllEntry 1 }

rlSecuritySuiteMartianAddrNetMask OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Specify the net mask that comprise the destination IP address prefix."
    ::= { rlSecuritySuiteMartianAddrAllEntry 2 }

rlSecuritySuiteAllMartianEntryType OBJECT-TYPE
    SYNTAX     RlSecuritySuiteAllMartianEntryType
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "Specific the entry origin: pre-defined (reserved) of statically configured."
    ::= { rlSecuritySuiteMartianAddrAllEntry 3 }

rlSecuritySuiteMartianAddrTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RlDoSAttackMartianAddrEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table specifies the Martian addresses -
        the addresses that packets with these IP addressed as source or
        destination are discarded."
    ::= { rlSecuritySuiteMib 6 }

rlSecuritySuiteMartianAddrEntry OBJECT-TYPE
    SYNTAX     RlDoSAttackMartianAddrEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
   "Each entry in this table describes one Martian address ,
   packets with this address as IP source or IP destination, are discarded."
    INDEX { rlSecuritySuiteMartianAddr,rlSecuritySuiteMartianAddrNetMask}
    ::= { rlSecuritySuiteMartianAddrTable 1 }

RlDoSAttackMartianAddrEntry::= SEQUENCE {
    rlSecuritySuiteMartianAddrStatus              RowStatus
    }

rlSecuritySuiteMartianAddrStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
       "The status of a table entry.
        It is used to delete/Add an entry from this table."
    ::= { rlSecuritySuiteMartianAddrEntry 1  }

rlSecuritySuiteDoSSynAttackTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RlSecuritySuiteDoSSynAttackEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains IP address and rate, to limit DoS SYN attacks from
        a specific IP address and interface(s)"
    ::= { rlSecuritySuiteMib 7 }

rlSecuritySuiteDoSSynAttackEntry OBJECT-TYPE
    SYNTAX     RlSecuritySuiteDoSSynAttackEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
   "Each entry in this table describes one Martian address ,
   packets with this address as IP source or IP destination, are discarded."
    INDEX { rlSecuritySuiteDoSSynAttackIfIndex,
            rlSecuritySuiteDoSSynAttackAddr,
            rlSecuritySuiteDoSSynAttackNetMask}
    ::= { rlSecuritySuiteDoSSynAttackTable 1 }

RlSecuritySuiteDoSSynAttackEntry::= SEQUENCE {
    rlSecuritySuiteDoSSynAttackIfIndex             InterfaceIndex,
    rlSecuritySuiteDoSSynAttackAddr                IpAddress,
    rlSecuritySuiteDoSSynAttackNetMask             IpAddress,
    rlSecuritySuiteDoSSynAttackSynRate             INTEGER,
    rlSecuritySuiteDoSSynAttackStatus              RowStatus
    }
rlSecuritySuiteDoSSynAttackIfIndex OBJECT-TYPE
    SYNTAX     InterfaceIndex
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Interface which the attack is applied on"
    ::= { rlSecuritySuiteDoSSynAttackEntry 1 }

rlSecuritySuiteDoSSynAttackAddr OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "An IP address to discard all packets with that address as destination"
    ::= { rlSecuritySuiteDoSSynAttackEntry 2 }

rlSecuritySuiteDoSSynAttackNetMask OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Relevant when rlSecuritySuiteSynAttackRangeType equals prefix(2).
        Specify the number of bits that comprise the destination
        IP address prefix."
    ::= { rlSecuritySuiteDoSSynAttackEntry 3 }

rlSecuritySuiteDoSSynAttackSynRate OBJECT-TYPE
    SYNTAX     INTEGER
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "Specify the maximum connections per second allowed from this IP address
        and rlSecuritySuiteSynAttackPortList"
    ::= { rlSecuritySuiteDoSSynAttackEntry 4 }

rlSecuritySuiteDoSSynAttackStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
       "The status of a table entry.
        It is used to delete/Add an entry from this table."
    ::= { rlSecuritySuiteDoSSynAttackEntry 6  }

rlSecuritySuiteDenyTypesTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RlSecuritySuiteDenyTypesEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table specifies the ip address and TCP ports that
        TCP SYN packets from them on a specific interfaces are dropped."
    ::= { rlSecuritySuiteMib 8 }

rlSecuritySuiteDenyTypesEntry OBJECT-TYPE
    SYNTAX     RlSecuritySuiteDenyTypesEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
   "Each entry in this table describes one ip address, TCP port and
   list of ifIndexes, that packets with these attributes are discarded."
    INDEX { rlSecuritySuiteDenyIfIndex,
            rlSecuritySuiteDenyAttackType,
            rlSecuritySuiteDenyDestAddr,
            rlSecuritySuiteDenyNetMask,
            rlSecuritySuiteDenyDestPort}
    ::= { rlSecuritySuiteDenyTypesTable 1 }

RlSecuritySuiteDenyTypesEntry::= SEQUENCE {
    rlSecuritySuiteDenyIfIndex             InterfaceIndex,
    rlSecuritySuiteDenyAttackType          RlSecuritySuiteDenyAttackType,
    rlSecuritySuiteDenyDestAddr            IpAddress,
    rlSecuritySuiteDenyNetMask             IpAddress,
    rlSecuritySuiteDenyDestPort            INTEGER,
    rlSecuritySuiteDenyStatus              RowStatus
    }

rlSecuritySuiteDenyIfIndex OBJECT-TYPE
    SYNTAX     InterfaceIndex
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Interface which the attack is applied on"
    ::= { rlSecuritySuiteDenyTypesEntry 1 }

rlSecuritySuiteDenyAttackType OBJECT-TYPE
    SYNTAX     RlSecuritySuiteDenyAttackType
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The specific deny attack type"
    ::= { rlSecuritySuiteDenyTypesEntry 2 }

rlSecuritySuiteDenyDestAddr OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "An IP address to discard all packets with that address as destination"
    ::= { rlSecuritySuiteDenyTypesEntry 3 }

rlSecuritySuiteDenyNetMask OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Relevant when rlSecuritySuiteDenyTCPRangeType equals mask(1).
        Specify the number of bits that comprise the destination
        IP address prefix."
    ::= { rlSecuritySuiteDenyTypesEntry 4 }

rlSecuritySuiteDenyDestPort OBJECT-TYPE
    SYNTAX     INTEGER
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Destination TCP port.
        Use 65553 to specify all ports.
        This key-field is relevant in specific attack types (not all)
        Use 0 when not relevant."
    ::= { rlSecuritySuiteDenyTypesEntry 5 }

rlSecuritySuiteDenyStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
       "The status of a table entry.
        It is used to delete/Add an entry from this table."
    ::= { rlSecuritySuiteDenyTypesEntry 6  }
END
THIS! IS! MIB! CITY! git-svn-id: http://www.observium.org/svn/observer/trunk@2895 61d68cd4-352d-0410-923a-c4978735b2b8 2012-03-15 17:10:45 +00:00			`CISCOSB-SECURITY-SUITE DEFINITIONS ::= BEGIN`

			`-- Version: 7.42_00`
			`-- Date: 24 JAN 2006`



			`IMPORTS`
			`MODULE-IDENTITY, OBJECT-TYPE,Counter32,`
			`Gauge32, Unsigned32, IpAddress, TimeTicks FROM SNMPv2-SMI`
			`InterfaceIndexOrZero, InterfaceIndex FROM IF-MIB`
			`TEXTUAL-CONVENTION,TruthValue, RowStatus,`
			`RowPointer, DisplayString FROM SNMPv2-TC`
			`Percents,switch001 FROM CISCOSB-MIB`
			`PortList FROM Q-BRIDGE-MIB;`


			`rlSecuritySuiteMib MODULE-IDENTITY`
			`LAST-UPDATED "200604080000Z"`
			`ORGANIZATION "Cisco Small Business"`

			`CONTACT-INFO`
			`"Postal: 170 West Tasman Drive`
			`San Jose , CA 95134-1706`
			`USA`

			`Website: Cisco Small Business Home http://www.cisco.com/smb>;,`
			`Cisco Small Business Support Community <http://www.cisco.com/go/smallbizsupport>"`

			`DESCRIPTION`
			`"The private MIB module definition for blocking attacks`
			`such as DoS(=Denial Of Service), SYN and well known viruses Attacks`
			`in CISCOSB devices."`
			`REVISION "200601090000Z"`
			`DESCRIPTION`
			`"Add per port dos attack table suport`
			`rlSecuritySuiteDenyTypesTable ,rlSecuritySuiteDoSSynAttackTable."`
			`::= { switch001 120}`

			`RlsecuritySuiteGlobalEnableType ::= TEXTUAL-CONVENTION`
			`STATUS current`
			`DESCRIPTION`
			`"Specifies the operating modes of the security-suite"`
			`SYNTAX INTEGER {`
			`enable-global-rules-only(1),`
			`enable-all-rules-types(2),`
			`disable(3)`
			`}`

			`RlSecuritySuiteKnownDosAttackType ::= TEXTUAL-CONVENTION`
			`STATUS current`
			`DESCRIPTION`
			`"Specifies well-known DoS attack"`
			`SYNTAX INTEGER {`
			`stacheldraht(1),`
			`invasor-Trojan(2),`
			`back-orifice-Trojan(3)`
			`}`

			`RlSecuritySuiteKnownDosAttackProtocolType ::= TEXTUAL-CONVENTION`
			`STATUS current`
			`DESCRIPTION`
			`"Specifies protocol type of the well-known DoS attack"`
			`SYNTAX INTEGER {`
			`tcp(1),`
			`upd(2)`
			`}`

			`RlSecuritySuiteAllMartianEntryType ::= TEXTUAL-CONVENTION`
			`STATUS current`
			`DESCRIPTION`
			`"Specifies Martian-address origin: pre-defined (reserved) or statically configured"`
			`SYNTAX INTEGER {`
			`reserved(1),`
			`static(2)`
			`}`

			`RlSecuritySuiteDenyAttackType ::= TEXTUAL-CONVENTION`
			`STATUS current`
			`DESCRIPTION`
			`"Specifies the deny attack types"`
			`SYNTAX INTEGER {`
			`syn(1),`
			`icmp-echo-request(2),`
			`fragmented(3)`
			`}`

			`rlSecuritySuiteGlobalEnable OBJECT-TYPE`
			`SYNTAX RlsecuritySuiteGlobalEnableType`
			`MAX-ACCESS read-write`
			`STATUS current`
			`DESCRIPTION`
			`"This scalar globally enables/disables the DoS attack Suite. "`
			`::= { rlSecuritySuiteMib 1 }`

			`rlSecuritySuiteKnownDoSAttacksTable OBJECT-TYPE`
			`SYNTAX SEQUENCE OF RlSecuritySuiteKnownDoSAttacksEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"This table enables/disable well-know DoS attacks,`
			`applied globally to all ifIndexes."`
			`::= { rlSecuritySuiteMib 2 }`

			`rlSecuritySuiteKnownDoSAttacksEntry OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteKnownDoSAttacksEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Each entry in this table describes one well known DoS attack address"`
			`INDEX { rlSecuritySuiteKnownDoSAttack}`
			`::= { rlSecuritySuiteKnownDoSAttacksTable 1 }`

			`RlSecuritySuiteKnownDoSAttacksEntry::= SEQUENCE {`
			`rlSecuritySuiteKnownDoSAttack RlSecuritySuiteKnownDosAttackType,`
			`rlSecuritySuiteKnownDoSAttackEnable TruthValue`
			`}`

			`rlSecuritySuiteKnownDoSAttack OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteKnownDosAttackType`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"A well-known DoS attack to enable"`
			`::= { rlSecuritySuiteKnownDoSAttacksEntry 1 }`

			`rlSecuritySuiteKnownDoSAttackEnable OBJECT-TYPE`
			`SYNTAX TruthValue`
			`MAX-ACCESS read-write`
			`STATUS current`
			`DESCRIPTION`
			`"Enable/Disable a well-known DoS attack "`
			`::= { rlSecuritySuiteKnownDoSAttacksEntry 2 }`

			`rlSecuritySuiteKnownDoSAttacksDetailsTable OBJECT-TYPE`
			`SYNTAX SEQUENCE OF RlSecuritySuiteKnownDoSAttacksDetailsEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"This read-only table used to present the detailed attributes`
			`of each well-known DoS attack. Used for presentation propose only."`
			`::= { rlSecuritySuiteMib 3 }`

			`rlSecuritySuiteKnownDoSAttacksDetailsEntry OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteKnownDoSAttacksDetailsEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Each entry in this table describes one well known DoS attack address ,"`
			`INDEX { rlSecuritySuiteKnownDoSAttack}`
			`::= { rlSecuritySuiteKnownDoSAttacksDetailsTable 1 }`

			`RlSecuritySuiteKnownDoSAttacksDetailsEntry::= SEQUENCE {`
			`rlSecuritySuiteKnownDoSAttackProtocl RlSecuritySuiteKnownDosAttackProtocolType,`
			`rlSecuritySuiteKnownDoSAttackSrcTcpUdpPort INTEGER,`
			`rlSecuritySuiteKnownDoSAttackDestTcpUdpPort INTEGER`
			`}`
			`rlSecuritySuiteKnownDoSAttackProtocl OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteKnownDosAttackProtocolType`
			`MAX-ACCESS read-only`
			`STATUS current`
			`DESCRIPTION`
			`"Specifies the protocol type of the relevant well-known attack"`
			`::= { rlSecuritySuiteKnownDoSAttacksDetailsEntry 1 }`

			`rlSecuritySuiteKnownDoSAttackSrcTcpUdpPort OBJECT-TYPE`
			`SYNTAX INTEGER`
			`MAX-ACCESS read-only`
			`STATUS current`
			`DESCRIPTION`
			`"Specifies the source tcp/udp port of the relevant well-known attack"`
			`::= { rlSecuritySuiteKnownDoSAttacksDetailsEntry 2 }`

			`rlSecuritySuiteKnownDoSAttackDestTcpUdpPort OBJECT-TYPE`
			`SYNTAX INTEGER`
			`MAX-ACCESS read-only`
			`STATUS current`
			`DESCRIPTION`
			`"Specifies the destination tcp/udp port of the relevant well-known attack"`
			`::= { rlSecuritySuiteKnownDoSAttacksDetailsEntry 3 }`

			`rlSecuritySuiteReservedMartianAddresses OBJECT-TYPE`
			`SYNTAX TruthValue`
			`MAX-ACCESS read-write`
			`STATUS current`
			`DESCRIPTION`
			`"This scalar globally enables/disables discarding of the IP`
			`well-known addresses described below:`
			`-------------------------------------------------------------------------------`
			`\| Address block \| Present use`
			`\|-------------------------------------------------------------------------------`
			`\|0.0.0.0/8 \| Addresses in this block refer to source hosts`
			`\|(except 0.0.0.0/32 \| on 'this' network.`
			`\| as source address) \|`
			`\|------------------------------------------------------------------------------`
			`\|127.0.0.0/8 \| This block is assigned for use as the Internet host loop-back address.`
			`\|-----------------------------------------------------------------------------------------------------`
			`\|192.0.2.0/24 \| This block is assigned as 'TEST-NET'`
			`\| \| for use in documentation and example code.`
			`\|---------------------------------------------------------------------------`
			`\|224.0.0.0/4 as source. \| This block, formerly known as the Class D address space,`
			`\| \| is allocated for use in IPv4 multicast address assignments.`
			`\|-------------------------------------------------------------------------------------------`
			`\|240.0.0.0/4 \|`
			`\|(except 255.255.255.255/32 \| This block, formerly known as the Class E address space, is reserved.`
			`\| as destination address) \|`
			`\|-------------------------------------------------------------------------------------------------------`
			`"`
			`::= { rlSecuritySuiteMib 4 }`

			`rlSecuritySuiteMartianAddrAllTable OBJECT-TYPE`
			`SYNTAX SEQUENCE OF RlSecuritySuiteMartianAddrAllEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"This read-only table specifies all current configured Martian addresses -`
			`both pre-defined (=reserved) and used-configured (=static) addresses"`
			`::= { rlSecuritySuiteMib 5 }`

			`rlSecuritySuiteMartianAddrAllEntry OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteMartianAddrAllEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Each entry in this table describes one Martian address ,`
			`packets with this address as IP source or IP destination, are discarded."`
			`INDEX { rlSecuritySuiteMartianAddr,rlSecuritySuiteMartianAddrNetMask}`
			`::= { rlSecuritySuiteMartianAddrAllTable 1 }`

			`RlSecuritySuiteMartianAddrAllEntry::= SEQUENCE {`
			`rlSecuritySuiteMartianAddr IpAddress,`
			`rlSecuritySuiteMartianAddrNetMask IpAddress,`
			`rlSecuritySuiteAllMartianEntryType RlSecuritySuiteAllMartianEntryType`
			`}`
			`rlSecuritySuiteMartianAddr OBJECT-TYPE`
			`SYNTAX IpAddress`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"An IP address to discard all packets with that address as source`
			`or destination"`
			`::= { rlSecuritySuiteMartianAddrAllEntry 1 }`

			`rlSecuritySuiteMartianAddrNetMask OBJECT-TYPE`
			`SYNTAX IpAddress`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Specify the net mask that comprise the destination IP address prefix."`
			`::= { rlSecuritySuiteMartianAddrAllEntry 2 }`

			`rlSecuritySuiteAllMartianEntryType OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteAllMartianEntryType`
			`MAX-ACCESS read-only`
			`STATUS current`
			`DESCRIPTION`
			`"Specific the entry origin: pre-defined (reserved) of statically configured."`
			`::= { rlSecuritySuiteMartianAddrAllEntry 3 }`

			`rlSecuritySuiteMartianAddrTable OBJECT-TYPE`
			`SYNTAX SEQUENCE OF RlDoSAttackMartianAddrEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"This table specifies the Martian addresses -`
			`the addresses that packets with these IP addressed as source or`
			`destination are discarded."`
			`::= { rlSecuritySuiteMib 6 }`

			`rlSecuritySuiteMartianAddrEntry OBJECT-TYPE`
			`SYNTAX RlDoSAttackMartianAddrEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Each entry in this table describes one Martian address ,`
			`packets with this address as IP source or IP destination, are discarded."`
			`INDEX { rlSecuritySuiteMartianAddr,rlSecuritySuiteMartianAddrNetMask}`
			`::= { rlSecuritySuiteMartianAddrTable 1 }`

			`RlDoSAttackMartianAddrEntry::= SEQUENCE {`
			`rlSecuritySuiteMartianAddrStatus RowStatus`
			`}`

			`rlSecuritySuiteMartianAddrStatus OBJECT-TYPE`
			`SYNTAX RowStatus`
			`MAX-ACCESS read-create`
			`STATUS current`
			`DESCRIPTION`
			`"The status of a table entry.`
			`It is used to delete/Add an entry from this table."`
			`::= { rlSecuritySuiteMartianAddrEntry 1 }`

			`rlSecuritySuiteDoSSynAttackTable OBJECT-TYPE`
			`SYNTAX SEQUENCE OF RlSecuritySuiteDoSSynAttackEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"This table contains IP address and rate, to limit DoS SYN attacks from`
			`a specific IP address and interface(s)"`
			`::= { rlSecuritySuiteMib 7 }`

			`rlSecuritySuiteDoSSynAttackEntry OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteDoSSynAttackEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Each entry in this table describes one Martian address ,`
			`packets with this address as IP source or IP destination, are discarded."`
			`INDEX { rlSecuritySuiteDoSSynAttackIfIndex,`
			`rlSecuritySuiteDoSSynAttackAddr,`
			`rlSecuritySuiteDoSSynAttackNetMask}`
			`::= { rlSecuritySuiteDoSSynAttackTable 1 }`

			`RlSecuritySuiteDoSSynAttackEntry::= SEQUENCE {`
			`rlSecuritySuiteDoSSynAttackIfIndex InterfaceIndex,`
			`rlSecuritySuiteDoSSynAttackAddr IpAddress,`
			`rlSecuritySuiteDoSSynAttackNetMask IpAddress,`
			`rlSecuritySuiteDoSSynAttackSynRate INTEGER,`
			`rlSecuritySuiteDoSSynAttackStatus RowStatus`
			`}`
			`rlSecuritySuiteDoSSynAttackIfIndex OBJECT-TYPE`
			`SYNTAX InterfaceIndex`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Interface which the attack is applied on"`
			`::= { rlSecuritySuiteDoSSynAttackEntry 1 }`

			`rlSecuritySuiteDoSSynAttackAddr OBJECT-TYPE`
			`SYNTAX IpAddress`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"An IP address to discard all packets with that address as destination"`
			`::= { rlSecuritySuiteDoSSynAttackEntry 2 }`

			`rlSecuritySuiteDoSSynAttackNetMask OBJECT-TYPE`
			`SYNTAX IpAddress`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Relevant when rlSecuritySuiteSynAttackRangeType equals prefix(2).`
			`Specify the number of bits that comprise the destination`
			`IP address prefix."`
			`::= { rlSecuritySuiteDoSSynAttackEntry 3 }`

			`rlSecuritySuiteDoSSynAttackSynRate OBJECT-TYPE`
			`SYNTAX INTEGER`
			`MAX-ACCESS read-create`
			`STATUS current`
			`DESCRIPTION`
			`"Specify the maximum connections per second allowed from this IP address`
			`and rlSecuritySuiteSynAttackPortList"`
			`::= { rlSecuritySuiteDoSSynAttackEntry 4 }`

			`rlSecuritySuiteDoSSynAttackStatus OBJECT-TYPE`
			`SYNTAX RowStatus`
			`MAX-ACCESS read-create`
			`STATUS current`
			`DESCRIPTION`
			`"The status of a table entry.`
			`It is used to delete/Add an entry from this table."`
			`::= { rlSecuritySuiteDoSSynAttackEntry 6 }`

			`rlSecuritySuiteDenyTypesTable OBJECT-TYPE`
			`SYNTAX SEQUENCE OF RlSecuritySuiteDenyTypesEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"This table specifies the ip address and TCP ports that`
			`TCP SYN packets from them on a specific interfaces are dropped."`
			`::= { rlSecuritySuiteMib 8 }`

			`rlSecuritySuiteDenyTypesEntry OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteDenyTypesEntry`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Each entry in this table describes one ip address, TCP port and`
			`list of ifIndexes, that packets with these attributes are discarded."`
			`INDEX { rlSecuritySuiteDenyIfIndex,`
			`rlSecuritySuiteDenyAttackType,`
			`rlSecuritySuiteDenyDestAddr,`
			`rlSecuritySuiteDenyNetMask,`
			`rlSecuritySuiteDenyDestPort}`
			`::= { rlSecuritySuiteDenyTypesTable 1 }`

			`RlSecuritySuiteDenyTypesEntry::= SEQUENCE {`
			`rlSecuritySuiteDenyIfIndex InterfaceIndex,`
			`rlSecuritySuiteDenyAttackType RlSecuritySuiteDenyAttackType,`
			`rlSecuritySuiteDenyDestAddr IpAddress,`
			`rlSecuritySuiteDenyNetMask IpAddress,`
			`rlSecuritySuiteDenyDestPort INTEGER,`
			`rlSecuritySuiteDenyStatus RowStatus`
			`}`

			`rlSecuritySuiteDenyIfIndex OBJECT-TYPE`
			`SYNTAX InterfaceIndex`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Interface which the attack is applied on"`
			`::= { rlSecuritySuiteDenyTypesEntry 1 }`

			`rlSecuritySuiteDenyAttackType OBJECT-TYPE`
			`SYNTAX RlSecuritySuiteDenyAttackType`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"The specific deny attack type"`
			`::= { rlSecuritySuiteDenyTypesEntry 2 }`

			`rlSecuritySuiteDenyDestAddr OBJECT-TYPE`
			`SYNTAX IpAddress`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"An IP address to discard all packets with that address as destination"`
			`::= { rlSecuritySuiteDenyTypesEntry 3 }`

			`rlSecuritySuiteDenyNetMask OBJECT-TYPE`
			`SYNTAX IpAddress`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Relevant when rlSecuritySuiteDenyTCPRangeType equals mask(1).`
			`Specify the number of bits that comprise the destination`
			`IP address prefix."`
			`::= { rlSecuritySuiteDenyTypesEntry 4 }`

			`rlSecuritySuiteDenyDestPort OBJECT-TYPE`
			`SYNTAX INTEGER`
			`MAX-ACCESS not-accessible`
			`STATUS current`
			`DESCRIPTION`
			`"Destination TCP port.`
			`Use 65553 to specify all ports.`
			`This key-field is relevant in specific attack types (not all)`
			`Use 0 when not relevant."`
			`::= { rlSecuritySuiteDenyTypesEntry 5 }`

			`rlSecuritySuiteDenyStatus OBJECT-TYPE`
			`SYNTAX RowStatus`
			`MAX-ACCESS read-create`
			`STATUS current`
			`DESCRIPTION`
			`"The status of a table entry.`
			`It is used to delete/Add an entry from this table."`
			`::= { rlSecuritySuiteDenyTypesEntry 6 }`
			`END`