This table gives the statistics on the EAPOL flood
attacks observed at this radio interface.
An entry in this table is created by the agent when
this 802.11 station detects an EAPOL flood attack.
All the columns in the entries except the
cDot11WidsEapolFloodStopTime are populated when
the attack is observed first. The object
cDot11WidsEapolFloodStopTime is populated when no
flood conditions are observed following the initial
observation at the time indicated by
cDot11WidsEapolFloodStartTime.
This can be illustrated by the following example.
Assume that the monitoring interval is configured
to 1 minute through the
cDot11WidsEapolFloodInterval object and the number
of attempts is set to 5.
At the end of the first minute after this
configuration is made, client c1 is found to
have made 4 attempts and another client c2 have
made 3. Hence, in total, the attempt count
exceeds 7 and the agent adds a new row to this
table. The cDot11WidsFloodStopTime carries a
value of 0 at this point in the newly added row.
The MIB object cDot11WidsEapolFloodClientMac
at this point holds the MAC address of c1
and cDot11WidsEapolFloodClientCount holds the
value of 4.
At the end of the second interval, assume that
the clients are found to have made only 4
attempts in total with c1 and c2 making 3 and 1
attempt(s) respectively. Now the total count
is not found to exceed the threshold. Hence
the flood is observed to be stopped. The
object cDot11WidsEapolFloodStopTime is now
populated with this time at which the flood is
observed to be stopped. The MIB object
cDot11WidsEapolFloodClientMac at this point
holds c1's MAC address and
cDot11WidsEapolFloodClientCount would hold a
value of 7. If the count is found to exceed in
the next interval, it will be treated as a
beginning of a new flood event and hence a new
entry will be created for the same.
Assume the case where, at the end of the second
interval, the total count continues at the
rate above the threshold, with c1 making 5 and
c2 making 2 attempts respectively. Since the
flood is not observed to be stopped, the
object cDot11WidsFloodStopTime continues to
hold a value of zero.
The agent at anytime will retain only the most
recent and maximum number of entries, as given
by cDot11WidsFloodMaxEntriesPerIntf, for a
particular value of ifIndex. The older entries
are purged automatically when the number of
entries for a particular ifIndex reaches its
maximum.
This table has a expansion dependent relationship
with ifTable defined in IF-MIB. There exists a
row in this table corresponding to the row for each
interface of iftype ieee80211(71) found in ifTable.
cDot11WidsEapolFloodIndex acts as the
expansion index.
Parsed from file CISCO-DOT11-WIDS-MIB.mib
Module: CISCO-DOT11-WIDS-MIB
This table gives the statistics on the EAPOL flood
attacks observed at this radio interface.
An entry in this table is created by the agent when
this 802.11 station detects an EAPOL flood attack.
All the columns in the entries except the
cDot11WidsEapolFloodStopTime are populated when
the attack is observed first. The object
cDot11WidsEapolFloodStopTime is populated when no
flood conditions are observed following the initial
observation at the time indicated by
cDot11WidsEapolFloodStartTime.
This can be illustrated by the following example.
Assume that the monitoring interval is configured
to 1 minute through the
cDot11WidsEapolFloodInterval object and the number
of attempts is set to 5.
At the end of the first minute after this
configuration is made, client c1 is found to
have made 4 attempts and another client c2 have
made 3. Hence, in total, the attempt count
exceeds 7 and the agent adds a new row to this
table. The cDot11WidsFloodStopTime carries a
value of 0 at this point in the newly added row.
The MIB object cDot11WidsEapolFloodClientMac
at this point holds the MAC address of c1
and cDot11WidsEapolFloodClientCount holds the
value of 4.
At the end of the second interval, assume that
the clients are found to have made only 4
attempts in total with c1 and c2 making 3 and 1
attempt(s) respectively. Now the total count
is not found to exceed the threshold. Hence
the flood is observed to be stopped. The
object cDot11WidsEapolFloodStopTime is now
populated with this time at which the flood is
observed to be stopped. The MIB object
cDot11WidsEapolFloodClientMac at this point
holds c1's MAC address and
cDot11WidsEapolFloodClientCount would hold a
value of 7. If the count is found to exceed in
the next interval, it will be treated as a
beginning of a new flood event and hence a new
entry will be created for the same.
Assume the case where, at the end of the second
interval, the total count continues at the
rate above the threshold, with c1 making 5 and
c2 making 2 attempts respectively. Since the
flood is not observed to be stopped, the
object cDot11WidsFloodStopTime continues to
hold a value of zero.
The agent at anytime will retain only the most
recent and maximum number of entries, as given
by cDot11WidsFloodMaxEntriesPerIntf, for a
particular value of ifIndex. The older entries
are purged automatically when the number of
entries for a particular ifIndex reaches its
maximum.
This table has a expansion dependent relationship
with ifTable defined in IF-MIB. There exists a
row in this table corresponding to the row for each
interface of iftype ieee80211(71) found in ifTable.
cDot11WidsEapolFloodIndex acts as the
expansion index.
This table gives the statistics on the EAPOL flood
attacks observed at this radio interface.
An entry in this table is created by the agent when
this 802.11 station detects an EAPOL flood attack.
All the columns in the entries except the
cDot11WidsEapolFloodStopTime are populated when
the attack is observed first. The object
cDot11WidsEapolFloodStopTime is populated when no
flood conditions are observed following the initial
observation at the time indicated by
cDot11WidsEapolFloodStartTime.
This can be illustrated by the following example.
Assume that the monitoring interval is configured
to 1 minute through the
cDot11WidsEapolFloodInterval object and the number
of attempts is set to 5.
At the end of the first minute after this
configuration is made, client c1 is found to
have made 4 attempts and another client c2 have
made 3. Hence, in total, the attempt count
exceeds 7 and the agent adds a new row to this
table. The cDot11WidsFloodStopTime carries a
value of 0 at this point in the newly added row.
The MIB object cDot11WidsEapolFloodClientMac
at this point holds the MAC address of c1
and cDot11WidsEapolFloodClientCount holds the
value of 4.
At the end of the second interval, assume that
the clients are found to have made only 4
attempts in total with c1 and c2 making 3 and 1
attempt(s) respectively. Now the total count
is not found to exceed the threshold. Hence
the flood is observed to be stopped. The
object cDot11WidsEapolFloodStopTime is now
populated with this time at which the flood is
observed to be stopped. The MIB object
cDot11WidsEapolFloodClientMac at this point
holds c1's MAC address and
cDot11WidsEapolFloodClientCount would hold a
value of 7. If the count is found to exceed in
the next interval, it will be treated as a
beginning of a new flood event and hence a new
entry will be created for the same.
Assume the case where, at the end of the second
interval, the total count continues at the
rate above the threshold, with c1 making 5 and
c2 making 2 attempts respectively. Since the
flood is not observed to be stopped, the
object cDot11WidsFloodStopTime continues to
hold a value of zero.
The agent at anytime will retain only the most
recent and maximum number of entries, as given
by cDot11WidsFloodMaxEntriesPerIntf, for a
particular value of ifIndex. The older entries
are purged automatically when the number of
entries for a particular ifIndex reaches its
maximum.
This table has a expansion dependent relationship
with ifTable defined in IF-MIB. There exists a
row in this table corresponding to the row for each
interface of iftype ieee80211(71) found in ifTable.
cDot11WidsEapolFloodIndex acts as the
expansion index.
Parsed from file CISCO-DOT11-WIDS-MIB.my.txt
Company: None
Module: CISCO-DOT11-WIDS-MIB
This table gives the statistics on the EAPOL flood
attacks observed at this radio interface.
An entry in this table is created by the agent when
this 802.11 station detects an EAPOL flood attack.
All the columns in the entries except the
cDot11WidsEapolFloodStopTime are populated when
the attack is observed first. The object
cDot11WidsEapolFloodStopTime is populated when no
flood conditions are observed following the initial
observation at the time indicated by
cDot11WidsEapolFloodStartTime.
This can be illustrated by the following example.
Assume that the monitoring interval is configured
to 1 minute through the
cDot11WidsEapolFloodInterval object and the number
of attempts is set to 5.
At the end of the first minute after this
configuration is made, client c1 is found to
have made 4 attempts and another client c2 have
made 3. Hence, in total, the attempt count
exceeds 7 and the agent adds a new row to this
table. The cDot11WidsFloodStopTime carries a
value of 0 at this point in the newly added row.
The MIB object cDot11WidsEapolFloodClientMac
at this point holds the MAC address of c1
and cDot11WidsEapolFloodClientCount holds the
value of 4.
At the end of the second interval, assume that
the clients are found to have made only 4
attempts in total with c1 and c2 making 3 and 1
attempt(s) respectively. Now the total count
is not found to exceed the threshold. Hence
the flood is observed to be stopped. The
object cDot11WidsEapolFloodStopTime is now
populated with this time at which the flood is
observed to be stopped. The MIB object
cDot11WidsEapolFloodClientMac at this point
holds c1's MAC address and
cDot11WidsEapolFloodClientCount would hold a
value of 7. If the count is found to exceed in
the next interval, it will be treated as a
beginning of a new flood event and hence a new
entry will be created for the same.
Assume the case where, at the end of the second
interval, the total count continues at the
rate above the threshold, with c1 making 5 and
c2 making 2 attempts respectively. Since the
flood is not observed to be stopped, the
object cDot11WidsFloodStopTime continues to
hold a value of zero.
The agent at anytime will retain only the most
recent and maximum number of entries, as given
by cDot11WidsFloodMaxEntriesPerIntf, for a
particular value of ifIndex. The older entries
are purged automatically when the number of
entries for a particular ifIndex reaches its
maximum.
This table has a expansion dependent relationship
with ifTable defined in IF-MIB. There exists a
row in this table corresponding to the row for each
interface of iftype ieee80211(71) found in ifTable.
cDot11WidsEapolFloodIndex acts as the
expansion index.
cDot11WidsEapolFloodTable OBJECT-TYPE SYNTAX SEQUENCE OF CDot11WidsEapolFloodEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table gives the statistics on the EAPOL flood attacks observed at this radio interface. An entry in this table is created by the agent when this 802.11 station detects an EAPOL flood attack. All the columns in the entries except the cDot11WidsEapolFloodStopTime are populated when the attack is observed first. The object cDot11WidsEapolFloodStopTime is populated when no flood conditions are observed following the initial observation at the time indicated by cDot11WidsEapolFloodStartTime. This can be illustrated by the following example. Assume that the monitoring interval is configured to 1 minute through the cDot11WidsEapolFloodInterval object and the number of attempts is set to 5. At the end of the first minute after this configuration is made, client c1 is found to have made 4 attempts and another client c2 have made 3. Hence, in total, the attempt count exceeds 7 and the agent adds a new row to this table. The cDot11WidsFloodStopTime carries a value of 0 at this point in the newly added row. The MIB object cDot11WidsEapolFloodClientMac at this point holds the MAC address of c1 and cDot11WidsEapolFloodClientCount holds the value of 4. At the end of the second interval, assume that the clients are found to have made only 4 attempts in total with c1 and c2 making 3 and 1 attempt(s) respectively. Now the total count is not found to exceed the threshold. Hence the flood is observed to be stopped. The object cDot11WidsEapolFloodStopTime is now populated with this time at which the flood is observed to be stopped. The MIB object cDot11WidsEapolFloodClientMac at this point holds c1's MAC address and cDot11WidsEapolFloodClientCount would hold a value of 7. If the count is found to exceed in the next interval, it will be treated as a beginning of a new flood event and hence a new entry will be created for the same. Assume the case where, at the end of the second interval, the total count continues at the rate above the threshold, with c1 making 5 and c2 making 2 attempts respectively. Since the flood is not observed to be stopped, the object cDot11WidsFloodStopTime continues to hold a value of zero. The agent at anytime will retain only the most recent and maximum number of entries, as given by cDot11WidsFloodMaxEntriesPerIntf, for a particular value of ifIndex. The older entries are purged automatically when the number of entries for a particular ifIndex reaches its maximum. This table has a expansion dependent relationship with ifTable defined in IF-MIB. There exists a row in this table corresponding to the row for each interface of iftype ieee80211(71) found in ifTable. cDot11WidsEapolFloodIndex acts as the expansion index. " ::= { ciscoDot11WidsAuthFailures 7 }
cDot11WidsEapolFloodTable OBJECT-TYPE SYNTAX SEQUENCE OF CDot11WidsEapolFloodEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table gives the statistics on the EAPOL flood attacks observed at this radio interface. An entry in this table is created by the agent when this 802.11 station detects an EAPOL flood attack. All the columns in the entries except the cDot11WidsEapolFloodStopTime are populated when the attack is observed first. The object cDot11WidsEapolFloodStopTime is populated when no flood conditions are observed following the initial observation at the time indicated by cDot11WidsEapolFloodStartTime. This can be illustrated by the following example. Assume that the monitoring interval is configured to 1 minute through the cDot11WidsEapolFloodInterval object and the number of attempts is set to 5. At the end of the first minute after this configuration is made, client c1 is found to have made 4 attempts and another client c2 have made 3. Hence, in total, the attempt count exceeds 7 and the agent adds a new row to this table. The cDot11WidsFloodStopTime carries a value of 0 at this point in the newly added row. The MIB object cDot11WidsEapolFloodClientMac at this point holds the MAC address of c1 and cDot11WidsEapolFloodClientCount holds the value of 4. At the end of the second interval, assume that the clients are found to have made only 4 attempts in total with c1 and c2 making 3 and 1 attempt(s) respectively. Now the total count is not found to exceed the threshold. Hence the flood is observed to be stopped. The object cDot11WidsEapolFloodStopTime is now populated with this time at which the flood is observed to be stopped. The MIB object cDot11WidsEapolFloodClientMac at this point holds c1's MAC address and cDot11WidsEapolFloodClientCount would hold a value of 7. If the count is found to exceed in the next interval, it will be treated as a beginning of a new flood event and hence a new entry will be created for the same. Assume the case where, at the end of the second interval, the total count continues at the rate above the threshold, with c1 making 5 and c2 making 2 attempts respectively. Since the flood is not observed to be stopped, the object cDot11WidsFloodStopTime continues to hold a value of zero. The agent at anytime will retain only the most recent and maximum number of entries, as given by cDot11WidsFloodMaxEntriesPerIntf, for a particular value of ifIndex. The older entries are purged automatically when the number of entries for a particular ifIndex reaches its maximum. This table has a expansion dependent relationship with ifTable defined in IF-MIB. There exists a row in this table corresponding to the row for each interface of iftype ieee80211(71) found in ifTable. cDot11WidsEapolFloodIndex acts as the expansion index. " ::= { ciscoDot11WidsAuthFailures 7 }
Vendor: Cisco
Module: CISCO-DOT11-WIDS-MIB
[Automatically extracted from oidview.com]
cDot11WidsEapolFloodTable OBJECT-TYPE SYNTAX SEQUENCE OF CDot11WidsEapolFloodEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table gives the statistics on the EAPOL flood attacks observed at this radio interface. An entry in this table is created by the agent when this 802.11 station detects an EAPOL flood attack. All the columns in the entries except the cDot11WidsEapolFloodStopTime are populated when the attack is observed first. The object cDot11WidsEapolFloodStopTime is populated when no flood conditions are observed following the initial observation at the time indicated by cDot11WidsEapolFloodStartTime. This can be illustrated by the following example. Assume that the monitoring interval is configured to 1 minute through the cDot11WidsEapolFloodInterval object and the number of attempts is set to 5. At the end of the first minute after this configuration is made, client c1 is found to have made 4 attempts and another client c2 have made 3. Hence, in total, the attempt count exceeds 7 and the agent adds a new row to this table. The cDot11WidsFloodStopTime carries a value of 0 at this point in the newly added row. The MIB object cDot11WidsEapolFloodClientMac at this point holds the MAC address of c1 and cDot11WidsEapolFloodClientCount holds the value of 4. At the end of the second interval, assume that the clients are found to have made only 4 attempts in total with c1 and c2 making 3 and 1 attempt(s) respectively. Now the total count is not found to exceed the threshold. Hence the flood is observed to be stopped. The object cDot11WidsEapolFloodStopTime is now populated with this time at which the flood is observed to be stopped. The MIB object cDot11WidsEapolFloodClientMac at this point holds c1's MAC address and cDot11WidsEapolFloodClientCount would hold a value of 7. If the count is found to exceed in the next interval, it will be treated as a beginning of a new flood event and hence a new entry will be created for the same. Assume the case where, at the end of the second interval, the total count continues at the rate above the threshold, with c1 making 5 and c2 making 2 attempts respectively. Since the flood is not observed to be stopped, the object cDot11WidsFloodStopTime continues to hold a value of zero. The agent at anytime will retain only the most recent and maximum number of entries, as given by cDot11WidsFloodMaxEntriesPerIntf, for a particular value of ifIndex. The older entries are purged automatically when the number of entries for a particular ifIndex reaches its maximum. This table has a expansion dependent relationship with ifTable defined in IF-MIB. There exists a row in this table corresponding to the row for each interface of iftype ieee80211(71) found in ifTable. cDot11WidsEapolFloodIndex acts as the expansion index. " ::= { ciscoDot11WidsAuthFailures 7 }
cDot11WidsEapolFloodTable OBJECT-TYPE SYNTAX SEQUENCE OF CDot11WidsEapolFloodEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table gives the statistics on the EAPOL flood attacks observed at this radio interface. An entry in this table is created by the agent when this 802.11 station detects an EAPOL flood attack. All the columns in the entries except the cDot11WidsEapolFloodStopTime are populated when the attack is observed first. The object cDot11WidsEapolFloodStopTime is populated when no flood conditions are observed following the initial observation at the time indicated by cDot11WidsEapolFloodStartTime. This can be illustrated by the following example. Assume that the monitoring interval is configured to 1 minute through the cDot11WidsEapolFloodInterval object and the number of attempts is set to 5. At the end of the first minute after this configuration is made, client c1 is found to have made 4 attempts and another client c2 have made 3. Hence, in total, the attempt count exceeds 7 and the agent adds a new row to this table. The cDot11WidsFloodStopTime carries a value of 0 at this point in the newly added row. The MIB object cDot11WidsEapolFloodClientMac at this point holds the MAC address of c1 and cDot11WidsEapolFloodClientCount holds the value of 4. At the end of the second interval, assume that the clients are found to have made only 4 attempts in total with c1 and c2 making 3 and 1 attempt(s) respectively. Now the total count is not found to exceed the threshold. Hence the flood is observed to be stopped. The object cDot11WidsEapolFloodStopTime is now populated with this time at which the flood is observed to be stopped. The MIB object cDot11WidsEapolFloodClientMac at this point holds c1's MAC address and cDot11WidsEapolFloodClientCount would hold a value of 7. If the count is found to exceed in the next interval, it will be treated as a beginning of a new flood event and hence a new entry will be created for the same. Assume the case where, at the end of the second interval, the total count continues at the rate above the threshold, with c1 making 5 and c2 making 2 attempts respectively. Since the flood is not observed to be stopped, the object cDot11WidsFloodStopTime continues to hold a value of zero. The agent at anytime will retain only the most recent and maximum number of entries, as given by cDot11WidsFloodMaxEntriesPerIntf, for a particular value of ifIndex. The older entries are purged automatically when the number of entries for a particular ifIndex reaches its maximum. This table has a expansion dependent relationship with ifTable defined in IF-MIB. There exists a row in this table corresponding to the row for each interface of iftype ieee80211(71) found in ifTable. cDot11WidsEapolFloodIndex acts as the expansion index. " ::= { ciscoDot11WidsAuthFailures 7 }
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.9.9.456.1.1.7.1 | cDot11WidsEapolFloodEntry | 6 | 6 | An entry holds the statistics about one instance of EAPOL flood attack observed at this particular radio interface. |
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.9.9.456.1.1.1 | cDot11WidsFloodDetectEnable | 1 | 1 | This object is used to enable or disable the WIDS flood detection feature. Set this MIB object to 'true' to enable the flood detec… |
1.3.6.1.4.1.9.9.456.1.1.2 | cDot11WidsEapolFloodThreshold | 1 | 1 | This object specifies the maximum number of authentication attempts allowed for all the clients taken together in the interval sp… |
1.3.6.1.4.1.9.9.456.1.1.3 | cDot11WidsEapolFloodInterval | 1 | 1 | This object specifies the time duration for which the client authentication attempts have to be monitored for detecting the flood… |
1.3.6.1.4.1.9.9.456.1.1.4 | cDot11WidsBlackListThreshold | 1 | 1 | This object configures the maximum threshold on the number of unsuccessful authentication attempts, that can be made by a particu… |
1.3.6.1.4.1.9.9.456.1.1.5 | cDot11WidsBlackListDuration | 1 | 1 | This object indicates the time duration for which a particular client has to be kept in the black list after the number of unsucc… |
1.3.6.1.4.1.9.9.456.1.1.6 | cDot11WidsFloodMaxEntriesPerIntf | 1 | 1 | This object indicates the maximum number of entries that can be held for a particular 802.11 radio interface identified by ifInde… |
1.3.6.1.4.1.9.9.456.1.1.8 | cDot11WidsBlackListTable | 1 | 4 | This table gives the information about the 802.11 wireless clients that have been blacklisted while attempting to get authenticat… |