SOC_1.3.6.1.4.1.2011.5.25.165.1.11.12 hwBaseSocAttackTrap

Trap Buffer Description

Security Operation Center detected one attack. (EventNo=[hwSocAttackSeqNo],Probability=[hwSocAttackPossib],Reason=[hwSocAttackReason],Location=[hwSocAttackIfName],Interface= [hwSocAttackSubIfName],Vlan=[hwSocAttackVlanIndex],QinQ=[hwSocAttackUserQinQIndex],MAC=[hwSocAttackMacAddr],IP=[hwSocAttackIPAddr],IPv6=[hwSocAttackIPAddrV6],Vni=[hwSocAttackVniIndex]).

The CPU usage of the device and packet delivery process was high, and a large number of packets monitored by the Security Management Center were discarded.

In VS mode, this trap is supported only by the admin VS.

Trap Attributes

Trap Attribute Description

Alarm or Event

Alarm

Trap Severity

 Warning

Mnemonic Code

hwBaseSocAttackTrap

Trap OID

1.3.6.1.4.1.2011.5.25.165.1.11.12

MIB

HUAWEI-SECURITY-MIB

Alarm ID

0x09e02000

Alarm Name

 hwBaseSocAttackTrap

Alarm Type

equipmentAlarm

Raise or Clear

Raise

Match trap

SOC_1.3.6.1.4.1.2011.5.25.165.1.11.13 hwBaseSocAttackResumeTrap

Trap Buffer Parameters

Parameter Description

hwSocAttackSeqNo

Sequence number.

hwSocAttackPossib

Possibility of being attacked.

hwSocAttackReason

Reason for an attack.

hwSocAttackIfName

Name of a main interface that is being attacked.

hwSocAttackSubIfName

Name of a logic interface that is being attacked.

hwSocAttackVlanIndex

Name of a VLAN that is being attacked.

hwSocAttackUserQinQIndex

Name of a VLAN that is being attacked.

hwSocAttackMacAddr

MAC address of an attack source.

hwSocAttackIPAddr

IP address of an attack source.

hwSocAttackIPAddrV6

IPv6 address of an attack source.

hwSocAttackVniIndex

Index of a VNI that is being attacked.

VB Parameters

VB OID VB Name VB Index

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.1

hwSocAttackSeqNo

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.2

hwSocAttackPossib

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.3

hwSocAttackReason

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.4

hwSocAttackIfName

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.5

hwSocAttackSubIfName

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.6

hwSocAttackVlanIndex

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.7

hwSocAttackUserQinQIndex

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.8

hwSocAttackMacAddr

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.9

hwSocAttackIPAddr

hwSocAttackSeqNo

1.3.6.1.4.1.2011.5.25.165.1.7.1.1.10

hwSocAttackIPv6Addr

hwSocAttackSeqNo

Impact on the System

Services will be interrupted.

Possible Causes

The device was under an attack.

Procedure

1. Run the display attack-source-trace slot slot-id original-information command to check the Attack Source Data field. The packet header information cached by the attack source tracing module is displayed.

2. Collect alarm, log, and configuration information, and contact technical support engineers.

3. End

Parent Topic: SOC
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >