ATTACK-MIB DEFINITIONS ::= BEGIN

	IMPORTS
		MODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,Integer32
			FROM SNMPv2-SMI
		TEXTUAL-CONVENTION,TimeStamp,DisplayString
			FROM SNMPv2-TC
		MODULE-COMPLIANCE,OBJECT-GROUP
			FROM SNMPv2-CONF
		blueCoatMgmt
			 FROM BLUECOAT-MIB;

	deviceAttackMIB MODULE-IDENTITY
		LAST-UPDATED "0211060300Z"
		ORGANIZATION "Blue Coat Systems, Inc."
		CONTACT-INFO
		"support@bluecoat.com"
		DESCRIPTION
			"The Attack-MIB is used to monitor
			possible protocol attacks by hackers."
		::= { blueCoatMgmt 3 }

deviceAttackMIBObjects
		OBJECT IDENTIFIER ::= { deviceAttackMIB 1 }

deviceAttackMIBNotifications
		OBJECT IDENTIFIER ::= { deviceAttackMIB 2 }

deviceAttackMIBNotificationsPrefix
		OBJECT IDENTIFIER ::= { deviceAttackMIBNotifications 0 }

-- textual conventions

AttackStatus ::= TEXTUAL-CONVENTION
	STATUS		 current
	DESCRIPTION
		"Indicates the status of the attack.

		no-attack(1)		:no attack.
		under-attack(2) 	:attack in progress."

	SYNTAX INTEGER {
		no-attack(1),
		under-attack(2)
	}

-- MIB variables
--

deviceAttackValues
	OBJECT IDENTIFIER ::= { deviceAttackMIBObjects 1 }


--
-- deviceAttackTable
--

deviceAttackTable OBJECT-TYPE
	SYNTAX		  SEQUENCE OF DeviceAttackEntry
	MAX-ACCESS	  not-accessible
	STATUS		  current
	DESCRIPTION
		"This table lists the various attacks that are
		detected."

	::= { deviceAttackValues 1 }

deviceAttackEntry OBJECT-TYPE
	SYNTAX		  DeviceAttackEntry
	MAX-ACCESS	  not-accessible
	STATUS		  current
	DESCRIPTION
		"A deviceAttack entry describes the
		present state of an attack."

	INDEX		  { deviceAttackIndex }
	::= { deviceAttackTable 1 }

DeviceAttackEntry ::= SEQUENCE {
	deviceAttackIndex			INTEGER,
	deviceAttackName 			DisplayString,
	deviceAttackStatus			AttackStatus,
	deviceAttackTime 			TimeStamp
	}

deviceAttackIndex	OBJECT-TYPE
	SYNTAX			INTEGER (1..2147483647)
	MAX-ACCESS		not-accessible
	STATUS			current
	DESCRIPTION
			"An arbitrary value which uniquely identifies an attack."

	::= { deviceAttackEntry 1 }

deviceAttackName OBJECT-TYPE
	SYNTAX		DisplayString
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
			"The textual name of the attack i.e. SYN Flood."

	::= { deviceAttackEntry 2  }

deviceAttackStatus	OBJECT-TYPE
	SYNTAX			AttackStatus
	MAX-ACCESS		read-only
	STATUS			current
	DESCRIPTION
		"no-attack(1) not under attack, under-attack(2) attack in progress.
		The default start-up value is no-attack(1)."

	::= { deviceAttackEntry 3 }

deviceAttackTime 	OBJECT-TYPE
	SYNTAX			TimeStamp
	MAX-ACCESS		read-only
	STATUS			current
	DESCRIPTION
		"value of 'sysUpTime.0' at the time of the attack."
	::= { deviceAttackEntry 4 }

--
-- notifications
-- "enterprise".0 for v1 v2 compatibility
--

deviceAttackTrap NOTIFICATION-TYPE
	OBJECTS { deviceAttackName, deviceAttackStatus }
	STATUS current
	DESCRIPTION
		"At the start of an attack a notification is
		generated with 'deviceAttackStatus = under-attack(2)'.
		At the end of an attack a notification is generated with
		'deviceAttackStatus = no-attack(1)'."

	::= { deviceAttackMIBNotificationsPrefix 1 }


END