
[ScreenOS] What are the actual traps that fall under the trap types that are mentioned in the ScreenOS C & E guide?


Article ID: KB7990 KB Last Updated: 04 Feb 2013 Version: 5.0
Summary:
This article provides information about the different firewall traps and their associated trap types.
Symptoms:
The following table in the C & E guide lists the possible alarm types and their associated trap numbers. What are the actual alarm traps that fall under each trap type?

Trap Enterprise ID Description:

  • 100 Hardware problems

  • 200 Firewall problems

  • 300 Software problems

  • 400 Traffic problems

  • 500 VPN problems

  • 600 NSRP problems

  • 800 DRP problems

  • 900 Interface failover problems

  • 1000 Firewall attacks
Cause:

Solution:
For ScreenOS 6.3 traps, refer to the 6.3 MIBs file at the following link. The zip file contains NS-TRAPS.MIB, which lists all the traps when it is opened with a text editor or SNMP software:

www.juniper.net/techpubs/software/screenos/screenos6.3.0/6.3mib.zip



Trap Types 100 through 1000:

Hardware related alarms 100

device-dead(19) device not working
low-memory(20) memory low
generic-HW-fail(22) Fan, Power Supply failure
cpu-usage-high(30) CPU usage is high


 

Security related alarms 200

user-auth-fail(3) User Authentication Fail

winnuke(4) Winnuke pak
syn-attack(5) Syn attack
tear-drop(6) tear-drop attack
ping-death(7) Ping of Death attack
ip-spoofing(8) IP spoofing attack
ip-src-route(9) IP source routing attack
land(10) land attack
icmp-flood(11) ICMP flooding attack
udp-flood(12) UDP flooding attack
port-scan(16) Port Scan attack
addr-sweep(17) address sweep attack  
policy-deny(18) Deny by policy attack 
ids-component(400) block java/active-x component
ids-icmp-flood(401) icmp flood attack
ids-udp-flood(402) udp flood attack
ids-winnuke(403) winnuke attack
ids-port-scan(404) port scan attack
ids-addr-sweep(405) address sweep attack
ids-tear-drop(406) tear drop attack
ids-syn(407) syn flood attack
ids-ip-spoofing(408) ip spoofing attack
ids-ping-death(409) ping of death attack
ids-ip-source-route(410) filter ip packet with source route option
ids-land(411) land attack
syn-frag-attack(412) screen syn fragment attack
tcp-without-flag(413) screen tcp packet without flag attack
unknow-ip-packet(414) screen unknown ip packet 
bad-ip-option(415) screen bad ip option
ids-block-zip(431) HTTP component blocking for .zip files
ids-block-jar(432) HTTP component blocking for Java applets
ids-block-exe(433) HTTP component blocking for .exe files
ids-block-activex(434) HTTP component blocking for ActiveX controls
icmp-fragment(435) screen icmp fragment packet  
too-large-icmp(436) screen too large icmp packet  
tcp-syn-fin(437) screen tcp flag syn-fin set
tcp-fin-no-ack(438) screen tcp fin without ack
ids-tcp-syn-ack-ack(439) avoid replying to syns after excessive 3 way TCP handshakes from same src ip but not proceeding with user auth. (not replying to username/password)

ids-ip-block-frag(440) ip fragment  
attact-malicious-url(32) Microsoft IIS server vulnerability
session-threshold(33) session threshold is exceeded
vpn-replay-attack(42) VPN replay detected

Software related  alarms 300

illegal-cms-svr(13) Illegal server IP to connect to CMS port 
url-block-srv(14) URL blocking server connection alarm
dns-srv-down(21) DNS server unreachable
lb-srv-down(23) Load balance server unreachable
log-full(24) log buffer overflow  
x509(25) X509 related  
vpn-ike(26) VPN and IKE related
admin(27) admin related
sme(28) Illegal src ip to connect to sme port
dhcp(29) DHCP related
ip-conflict(31) Interface IP conflict
ssh-alarm(34) SSH related alarms  
allocated-session-threshold(51) allocated session exceed threshold 

Traffic Alarms 400  

traffic-sec(1) Traffic per-second threshold
traffic-min(2) Traffic per-minute threshold
 

VPN Alarms 500  

vpn-tunnel-up(40) VPN tunnel from down to up   
vpn-tunnel-down(41) VPN tunnel from up to down
vpn-l2tp-tunnel-remove(43) VPN tunnel removed
vpn-l2tp-tunnel-remove-err(44) VPN tunnel removed and error detected
vpn-l2tp-call-remove(45) VPN call removed
vpn-l2tp-call-remove-err(46) VPN call removed and error detected

NSRP Alarms 600   

 
nsrp-rto-up(60) NSRP rto self unit status change from up to down
nsrp-rto-down(61) NSRP rto self unit status change from down to up
nsrp-trackip-success(62) NSRP track ip succeeded
nsrp-trackip-failed(63) NSRP track ip failed
nsrp-trackip-failover(64) NSRP track ip fail over
nsrp-inconsistent-configuration(65) NSRP inconsistent configuration between master and backup
nsrp-vsd-init(70) NSRP vsd  group status change to elect
nsrp-vsd-master(71) NSRP vsd  group status change to master
 
nsrp-vsd-pbackup(72) NSRP vsd group status change to primary backup
nsrp-vsd-backup(73) NSRP vsd  group status change to backup
nsrp-vsd-ineligible(74) NSRP vsd  group status change to ineligible
 
nsrp-vsd-inoperable(75) NSRP VSD group status change to inoperable
nsrp-vsd-req-hearbeat-2nd(76) NSRP VSD request heartbeat from 2nd HA path
nsrp-vsd-reply-2nd(77) NSRP VSD reply to 2nd path request
nsrp-rto-duplicated(78) NSRP duplicated RTO group found

Drp Alarms 800  

route-alarm(205) Errors in route module (exceed limit, malloc failure, add-prefix failure, etc.)
osfp-flood(206) LSA/Hello packets flood in OSPF, route redistribution exceed limit
rip-flood(207) Update packet floods in RIP

Interface Failover Alarms 900  

nsrp-trackip-failover(64) NSRP track ip fail over

IDP Alarm 1000

No detailed Alarm ID listed in MIB files.
