MrMeeb/snmp_mib_archive
1
0
Fork 0
mirror of https://github.com/hsnodgrass/snmp_mib_archive.git synced 2025-04-17 16:03:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
snmp_mib_archive/CISCO-WDS-IDS-MIB.my
Heston Snodgrass 89bf4b016e initial commit
2016-12-15 15:03:18 -07:00

354 lines
14 KiB
Plaintext
Raw Blame History

-- *******************************************************************
-- CISCO-WDS-IDS-MIB.my
-- October 2004, Prasanna Viswakumar
--
-- Copyright (c) 2004-2005 by Cisco Systems, Inc.
-- All rights reserved.
-- *******************************************************************
--
CISCO-WDS-IDS-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Unsigned32,
Integer32
FROM SNMPv2-SMI
MODULE-COMPLIANCE,
OBJECT-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
MacAddress,
TimeStamp
FROM SNMPv2-TC
ciscoMgmt
FROM CISCO-SMI;
--********************************************************************
--* MODULE IDENTITY
--********************************************************************
ciscoWdsIdsMIB MODULE-IDENTITY
LAST-UPDATED "200410170000Z"
ORGANIZATION "Cisco Systems Inc."
CONTACT-INFO
" Cisco Systems,
Customer Service
Postal: 170 West Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-dot11@cisco.com"
DESCRIPTION
"This MIB is intended to be implemented on all
IOS based network entities that provide Wireless
Domain Services, for the purpose of providing network
management stations information about the various
attempts to compromise the security in the
802.11-based wireless networks. Entities that can be
configured to provide Wireless Domain Services
could be an 802.11 Access Point, a Switch or any
other IOS network device, that allows the WDS
configuration.
The MIB reports the information about the MAC
spoofing attempts made by wireless clients to
compromise the security of the network.
MAC Spoofing is detected by the WDS when clients
attempt to authenticate with the WDS using the MAC
address of another client while roaming from one
AP to another. Upon detecting this, the WDS
provides the information about the client and the
username to the NMS as MIB objects.
The hierarchy of the WDS, AP and MNs is as follows.
+=====+ +=====+ +=====+
| | | | | |
| WDS | | WDS | | WDS |
| | | | | |
+=====+ +=====+ +=====+
/ \ \ \
/ \ \ \
/ \ \ \
/ \ \ \
/ \ \ \
\/ \/ \/ \/
+~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
+ + + + + + + +
+ AP + + AP + + AP + + AP +
+ + + + + + + +
+~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
.. . . .
.. . . .
. . . . .
. . . . .
. . . . .
. . . . .
\/ \/ \/ \/ \/
+.....+ +.....+ +-.-.-.+ +~-~-~+ +......+
+ + + + + + + + + +
+ MN + + MN + + MN + + MN + + MN +
+ + + + + + + + + +
+.....+ +.....+ +-.-.-.+ +~-~-~+ +......+
The WDS include authentication and registration
services for the APs. An AP provides Proxy
Authentication and registration services for the
MNs.
The wireless connections are represented as dotted
lines in the above diagram.
GLOSSARY
Access Point ( AP )
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.
Mobile Node ( MN )
A roaming 802.11 wireless device in a wireless
network associated with an access point.
Wireless Domain Services (WDS)
The set of services being offered at a particular
broadcast domain that may be an IP subnet or a
particular VLAN, or across the L3 cloud. The
services include the following.
1. MN security credential caching to provide
seamless, secure intra-subnet roaming.
2. Authenticated context transfer for roaming
client within the subnet.
Context
The mobility context for an MN includes its current
mobility bindings with the APs, IP/802 address
bindings, cached configuration parameters, QoS state,
IP group membership, authentication state, accounting
statistics, and other dynamically derived protocol
state information. "
-- REFERENCE
-- [1] CISCO-DOT11-CONTEXT-SERVICES-MIB
REVISION "200410170000Z"
DESCRIPTION
"Initial version of this MIB module. "
::= { ciscoMgmt 457 }
ciscoWdsIdsMIBObjects OBJECT IDENTIFIER
::= { ciscoWdsIdsMIB 1 }
ciscoWdsIdsMacSpoofing OBJECT IDENTIFIER
::= { ciscoWdsIdsMIBObjects 1 }
--********************************************************************
--* MAC spoofing identification parameters
--********************************************************************
ciscoWdsIdsMaxMacAddresses OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the maximum number of
different MAC addresses for which spoofing events
are held in this table. "
::= { ciscoWdsIdsMacSpoofing 1 }
ciscoWdsIdsMaxEntriesPerMac OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the maximum number of entries
that can be held for a particular MAC address
indicated by the object
ciscoWdsIdsMacSpoofStaMacAddress. "
::= { ciscoWdsIdsMacSpoofing 2 }
ciscoWdsIdsMacSpoofTable OBJECT-TYPE
SYNTAX SEQUENCE OF CiscoWdsIdsMacSpoofEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table gives the information about the MAC
spoofing attacks detected by the network entity
offering WDS.
An entry in this table is created by the agent when
the WDS detects a MAC spoofing attack.
The agent at anytime will retain only the most
recent and maximum number of entries possible
for a particular MAC. The older entries are
purged automatically when the number of entries
for a particular MAC reaches its maximum.
Thus, there can be a maximum of those many
different MAC addresses indicated by
ciscoWdsIdsMaxMacAddresses and for each MAC
address, the maximum number of entries is
indicated by the value of the MIB object
ciscoWdsIdsMaxEntriesPerMac.
MAC spoofing is detected only by the network entity
serving as the active WDS and hence this table
is populated only by the active WDS as indicated
by the values 'wds' and 'active' for the MIB objects
cDot11csServiceType and cDot11csWdsInstanceState
respectively. If cDot11csServiceType equals 'none'
indicating that WDS is not configured in this
station, or cDot11csWdsInstanceState not equals
'active' indicating that this entity is not the
currently active WDS, a 'noSuchInstance' error
is returned for the queries to the objects of this
table. "
::= { ciscoWdsIdsMacSpoofing 3 }
ciscoWdsIdsMacSpoofEntry OBJECT-TYPE
SYNTAX CiscoWdsIdsMacSpoofEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry holds the information about one instance of
MAC spoofing attack detected on the radio interface
of the AP identified by
ciscoWdsIdsMacSpoofStaMacAddress. "
INDEX { ciscoWdsIdsMacSpoofStaMacAddress,
ciscoWdsIdsMacSpoofIndex }
::= { ciscoWdsIdsMacSpoofTable 1 }
CiscoWdsIdsMacSpoofEntry ::=
SEQUENCE {
ciscoWdsIdsMacSpoofStaMacAddress MacAddress,
ciscoWdsIdsMacSpoofIndex Unsigned32,
ciscoWdsIdsMacSpoofClient MacAddress,
ciscoWdsIdsMacSpoofUserId SnmpAdminString,
ciscoWdsIdsMacSpoofDetectTime TimeStamp
}
ciscoWdsIdsMacSpoofStaMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object identifies the radio interface of the
802.11 station, that has forwarded the
authentication request of the client with the
spoofed MAC address indicated by
ciscoWdsIdsMacSpoofClient, to the WDS. "
::= { ciscoWdsIdsMacSpoofEntry 1 }
ciscoWdsIdsMacSpoofIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object identifies the set of information about
one instance of a MAC spoofing attack detected by
the WDS. The radio interface of the 802.11 station
that has forwarded the authentication request is
identified by ciscoWdsIdsMacSpoofStaMacAddress. "
::= { ciscoWdsIdsMacSpoofEntry 2 }
ciscoWdsIdsMacSpoofClient OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the MAC address that
has been spoofed. "
::= { ciscoWdsIdsMacSpoofEntry 3 }
ciscoWdsIdsMacSpoofUserId OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..253))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the userId used by the
wireless client when attempting the MAC spoofing
attack. "
::= { ciscoWdsIdsMacSpoofEntry 4 }
ciscoWdsIdsMacSpoofDetectTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the time at which this MAC
spoofing attempt is detected by the WDS. "
::= { ciscoWdsIdsMacSpoofEntry 5 }
--********************************************************************
-- Conformance information
--********************************************************************
ciscoWdsIdsMIBConform OBJECT IDENTIFIER
::= { ciscoWdsIdsMIB 2 }
ciscoWdsIdsMIBCompliances OBJECT IDENTIFIER
::= { ciscoWdsIdsMIBConform 1 }
ciscoWdsIdsMIBGroups OBJECT IDENTIFIER
::= { ciscoWdsIdsMIBConform 2 }
--********************************************************************
--* Compliance statements
--********************************************************************
ciscoWdsIdsMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for the SNMP entities that
implement the ciscoWdsIdsMIB module."
MODULE MANDATORY-GROUPS {
ciscoWdsIdsMacSpoofingGroup
}
::= { ciscoWdsIdsMIBCompliances 1 }
--********************************************************************
--* Units of conformance
--********************************************************************
ciscoWdsIdsMacSpoofingGroup OBJECT-GROUP
OBJECTS {
ciscoWdsIdsMaxMacAddresses,
ciscoWdsIdsMaxEntriesPerMac,
ciscoWdsIdsMacSpoofClient,
ciscoWdsIdsMacSpoofUserId,
ciscoWdsIdsMacSpoofDetectTime
}
STATUS current
DESCRIPTION
"This collection of objects provide the information
about the various attempts to spoof the MAC addresses
of valid wireless clients in the network. "
::= { ciscoWdsIdsMIBGroups 1 }
--********************************************************************
--* End of units of conformance
--********************************************************************
END
Reference in New Issue View Git Blame Copy Permalink