This article provides information about the different firewall traps and their associated trap types.
The following table in the C & E guide lists the possible alarm types and their associated trap numbers. What are the actual alarm traps that fall under each trap type?
Trap Enterprise ID Description:
- 100 Hardware problems
- 200 Firewall problems
- 300 Software problems
- 400 Traffic problems
- 500 VPN problems
- 600 NSRP problems
- 800 DRP problems
- 900 Interface failover problems
- 1000 Firewall attacks
Hardware related alarms 100
| device-dead(19) | device not working |
| low-memory(20) | memory low |
| generic-HW-fail(22) | Fan, Power Supply failure |
| cpu-usage-high(30) | CPU usage is high |
[back to top]
Security related alarms 200
| user-auth-fail(3) | User Authentication Fail |
| winnuke(4) | Winnuke pak |
| syn-attack(5) | Syn attack |
| tear-drop(6) | tear-drop attack |
| ping-death(7) | Ping of Death attack |
| ip-spoofing(8) | IP spoofing attack |
| ip-src-route(9) | IP source routing attack |
| land(10) | land attack |
| icmp-flood(11) | ICMP flooding attack |
| udp-flood(12) | UDP flooding attack |
| port-scan(16) | Port Scan attack |
| addr-sweep(17) | address sweep attack |
| policy-deny(18) | Deny by policy attack |
| ids-component(400) | block java/active-x component |
| ids-icmp-flood(401) | icmp flood attack |
| ids-udp-flood(402) | udp flood attack |
| ids-winnuke(403) | winnuke attack |
| ids-port-scan(404) | port scan attack |
| ids-addr-sweep(405) | address sweep attack |
| ids-tear-drop(406) | tear drop attack |
| ids-syn(407) | syn flood attack |
| ids-ip-spoofing(408) | ip spoofing attack |
| ids-ping-death(409) | ping of death attack |
| ids-ip-source-route(410) | filter ip packet with source route option |
| ids-land(411) | land attack |
| syn-frag-attack(412) | screen syn fragment attack |
| tcp-without-flag(413) | screen tcp packet without flag attack |
| unknow-ip-packet(414) | screen unknown ip packet |
| bad-ip-option(415) | screen bad ip option |
| ids-block-zip(431) | HTTP component blocking for .zip files |
| ids-block-jar(432) | HTTP component blocking for Java applets |
| ids-block-exe(433) | HTTP component blocking for .exe files |
| ids-block-activex(434) | HTTP component blocking for ActiveX controls |
| icmp-fragment(435) | screen icmp fragment packet |
| too-large-icmp(436) | screen too large icmp packet |
| tcp-syn-fin(437) | screen tcp flag syn-fin set |
| tcp-fin-no-ack(438) | screen tcp fin without ack |
| ids-tcp-syn-ack-ack(439) | - avoid replying to syns after excessive 3 way TCP handshakes from same - src ip but not proceeding with user auth. (not replying to username/password) |
| ids-ip-block-frag(440) | ip fragment |
| attact-malicious-url(32) | Microsoft IIS server vulnerability |
| session-threshold(33) | session threshold is exceeded |
| vpn-replay-attack(42) | VPN replay detected |
Software related alarms 300
| illegal-cms-svr(13) | Illegal server IP to connect to CMS port |
| url-block-srv(14) | URL blocking server connection alarm |
| dns-srv-down(21) | DNS server unreachable |
| lb-srv-down(23) | Load balance server unreachable |
| log-full(24) | log buffer overflow |
| x509(25) | X509 related |
| vpn-ike(26) | VPN and IKE related |
| admin(27) | admin realted |
| sme(28) | Illegal src ip to connect to sme port |
| dhcp(29) | DHCP related |
| ip-conflict(31) | Interface IP conflict |
| ssh-alarm(34) | SSH related alarms |
| allocated-session-threshold(51) | allocated session exceed threshold |
| traffic-sec(1) | Traffic per-second threshold |
| traffic-min(2) | Traffic per-minute threshold |
| vpn-tunnel-up(40) | VPN tunnel from down to up |
| vpn-tunnel-down(41) | VPN tunnel from up to down |
| vpn-l2tp-tunnel-remove(43) | VPN tunnel removed |
| vpn-l2tp-tunnel-remove-err(44) | VPN tunnel removed and error detected |
| vpn-l2tp-call-remove(45) | VPN call removed |
| vpn-l2tp-call-remove-err(46) | VPN call removed and error detected |
| nsrp-rto-up(60) | NSRP rto self unit status change from up to down |
| nsrp-rto-down(61) | NSRP rto self unit status change from down to up |
nsrp-trackip-success(62) | NSRP track ip successed |
| nsrp-trackip-failed(63) | NSRP track ip failed |
| nsrp-trackip-failover(64) | NSRP track ip fail over |
| nsrp-inconsistent-configuration(65) | NSRP inconsistent configuration between master and backup |
| nsrp-vsd-init(70) | NSRP vsd group status change to elect |
| nsrp-vsd-master(71) | NSRP vsd group status change to master |
nsrp-vsd-pbackup(72) | NSRP vsd group status change to primary backup |
| nsrp-vsd-backup(73) | NSRP vsd group status change to backup |
| nsrp-vsd-ineligible(74) | NSRP vsd group status change to ineligible |
nsrp-vsd-inoperable(75) | NSRP VSD group status change to inoperable |
| nsrp-vsd-req-hearbeat-2nd(76) | NSRP VSD request heartbeat from 2nd HA path |
| nsrp-vsd-reply-2nd(77) | NSRP VSD reply to 2nd path request |
| nsrp-rto-duplicated(78) | NSRP duplicated RTO group found |
| route-alarm(205) | Errors in route module (exceed limit, malloc failure, add-perfix failure etc) |
| osfp-flood(206) | LSA/Hello packets flood in OSPF, route redistribution exceed limit |
| rip-flood(207) | Update packet floods in RIP |
Interface Failover Alarms 900
| nsrp-trackip-failover(64) | NSRP track ip fail over |
No detailed Alarm ID listed in MIB files.