CISCO-SERVICE-CONTROL-ATTACK-MIB
This MIB provides data related to different types of attacks detected by a service control entity. A service control entity is a network device which monitors and controls traffic. The service control entity is used as a platform for different service control applications which may perform monitoring operations beyond packet counting and delve deeper into the contents of network traffic. It provides programmable stateful inspection of bidirectional traffic flows and maps these flows with user/subscriber ownership. An attack is a malicious network activity with certain traffic characteristics and which is targeted on a certain network entity. An attack can be identified by its type, direction, source address, destination address and ports. Once an attack is detected, an attack filter is activated based on the type of the attack and corresponding actions are taken in the monitored network - this is referred to as attack start. For example the attack filter can drop the attacking traffic. When the attack detector identifies that the attack characteristics are no longer exist, it ends the mitigation action - what is referred to as attack end. The attack mitigation action is also referred to as attack filtering in this MIB. The time duration of attack filtering between attack start to attack end along with the direction (upstream, downstream) is also maintained by the service control entity. Attack filtering can be applied from the subscriber side to the network side, in the upstream direction. The downstream attack filtering is done from the network side to the subscriber side. This MIB also defines notifications generated by the service control entity when an attack is detected on a monitored network.