ASA CSC-SSM - Drop Rate Exceeded

Unanswered Question
Apr 4th, 2009

Hi,


On ASA 5520 with CSC-SSM, I am getting the below log message. What does it mean?


4|Apr 05 2009 09:45:52|733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 13 per second, max configured rate is 5; Cumulative total count is 8155


htarra Thu, 04/09/2009 - 15:14

Recommended Action:


Perform these steps according to the specified object type that appears in the message:

1. If the object in the syslog message is one of these:

   * Firewall
   * Bad pkts
   * Rate limit
   * DoS attack
   * ACL drop
   * Conn limit
   * ICMP attk
   * Scanning
   * SYN attck
   * Inspect
   * Interface

   Check whether the drop rate is acceptable for the running environment.

2. Adjust the threshold rate of the particular drop to an appropriate value by running the threat-detection rate xxx command, where xxx is one of these:

   * acl-drop
   * bad-packet-drop
   * conn-limit-drop
   * dos-drop
   * fw-drop
   * icmp-drop
   * inspect-drop
   * interface-drop
   * scanning-threat
   * syn-attack

3. If the object in the syslog message is a TCP or UDP port, an IP protocol, or a host drop, check whether the drop rate is acceptable for the running environment.

4. Adjust the threshold rate of the particular drop to an appropriate value by running the threat-detection rate bad-packet-drop command. Refer to the Configuring Basic Threat Detection section of the ASA 8.0 Configuration Guide for more information.
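Added example (not part of the original posts and not Cisco code): a Python parser for the 733100 line quoted in the question that reports which threshold was crossed and which threat-detection rate keyword from step 2 applies. The function name parse_733100, the pairing of object names with keywords, and the strict "greater than" comparison are assumptions of this example.

```python
import re

# Field layout of message 733100, taken from the log line quoted in the question.
MSG_733100 = re.compile(
    r"733100: \[\s*(?P<object>[^\]]+?)\s*\] drop rate-(?P<rate_id>\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, "
    r"max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, "
    r"max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)"
)

# Assumption: pairing of the step 1 object names with the step 2 keywords.
# "Rate limit" has no keyword in the answer's list, so it stays unmapped.
KEYWORD = {
    "Firewall": "fw-drop", "Bad pkts": "bad-packet-drop",
    "DoS attack": "dos-drop", "ACL drop": "acl-drop",
    "Conn limit": "conn-limit-drop", "ICMP attk": "icmp-drop",
    "Scanning": "scanning-threat", "SYN attck": "syn-attack",
    "Inspect": "inspect-drop", "Interface": "interface-drop",
}

def parse_733100(line):
    """Return the fields of a 733100 message, or None if the line is not one."""
    m = MSG_733100.search(line)
    if m is None:
        return None
    rec = {k: int(m[k]) for k in
           ("rate_id", "burst", "burst_max", "avg", "avg_max", "total")}
    rec["object"] = m["object"]
    # Assumption: a threshold counts as exceeded only when strictly above it.
    rec["exceeded"] = [name for name, cur, cap in
                       (("burst", rec["burst"], rec["burst_max"]),
                        ("average", rec["avg"], rec["avg_max"]))
                       if cur > cap]
    # None: no keyword listed, or a port, protocol or host drop (steps 3 and 4).
    rec["keyword"] = KEYWORD.get(rec["object"])
    return rec

# The log line from the question.
SAMPLE = ("4|Apr 05 2009 09:45:52|733100: [ Scanning] drop rate-1 exceeded. "
          "Current burst rate is 10 per second, max configured rate is 10; "
          "Current average rate is 13 per second, max configured rate is 5; "
          "Cumulative total count is 8155")

if __name__ == "__main__":
    print(parse_733100(SAMPLE))
```

For the line in the question, the burst rate equals its configured maximum and only the average rate (13 per second against 5) is above its threshold.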

