Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1195
Views
0
Helpful
5
Replies

ASA 5510

Go to solution
hunnetvl01
Level 1
Level 1

‎03-09-2009 07:11 AM - edited ‎03-11-2019 08:02 AM

All-

What is this message I see in the fws log?

[ Scanning] drop rate-1 exceeded.

Thanks,

Vlad

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Yudong Wu
Level 7
Level 7
In response to Yudong Wu

‎03-09-2009 02:04 PM

By the way "scanning drop" includes:

ACL drop, Bad packet drop, Conn limit drop, ICMP drop, Inspect drop, Interface drop and Syn attack.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Yudong Wu
Level 7
Level 7

‎03-09-2009 01:57 PM

Please check the following link for the explannation.

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4963969

0 Helpful

Go to solution
Yudong Wu
Level 7
Level 7
In response to Yudong Wu

‎03-09-2009 02:04 PM

By the way "scanning drop" includes:

ACL drop, Bad packet drop, Conn limit drop, ICMP drop, Inspect drop, Interface drop and Syn attack.

0 Helpful

Go to solution
hunnetvl01
Level 1
Level 1
In response to Yudong Wu

‎03-10-2009 06:21 AM

is there a way I can check what hosts were previously shunned if now I cant see any.

I have the log which says rate exceeded but I want to see which were the shunned hosts.

I cant see any with sh threat-detection shun

Thanks,

V

0 Helpful

Go to solution
renatoaureliano
Level 1
Level 1
In response to hunnetvl01

‎02-17-2012 07:01 AM

I'm receiving the same messages on log:

[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5622

[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 31781

[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5915

[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 31911

[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5915

.

.

.

It happens all the time.

It doesn't show the source or destination.

I'm using ASDM 6.1 - ASA 5510

How can I avoid this messagens and protect from this scanning attacks?

Thank's,

Renato

0 Helpful

Go to solution
renatoaureliano
Level 1
Level 1
In response to renatoaureliano

‎02-17-2012 11:31 AM

Found Solution for drop rate-1:

https://supportforums.cisco.com/thread/228276

The syslogs "[ Scanning] drop rate-1 exceeded." mean the you have exceeded the "Scanning attack detected" threshold.

Shows a threshold that you exceeded.

But threat detection will not drop unless you tell it to.

The default behavior is to just alert (generate syslog).

So I would like to know if drop rate-2 is the same.

Thank's.


0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card