Drop Rate Exceeded

Unanswered Question
Jul 30th, 2009
User Badges:

I just upgrade our MARS to 6.03 and and I am getting this message from our ASA. I was simply going to place in a drop rule, but there is no IP address to use for the rule. The IP address are all NA.

Drop Rate Exceeded N/A 0 N/A N/A N/A

Can I create a rule to drp this alert?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
aghaznavi Wed, 08/05/2009 - 05:33
User Badges:
  • Silver, 250 points or more

After you upgrade MARS from version 6.0.2 to 6.0.3, it appears that drop rules are ignored.

Update your MARS with the patch release 6.0.3 (3188) (csmars- in order to correct the potential issues with drop rules.


The specified object in the system log message has exceeded the specified burst threshold rate or average threshold rate. The object can be drop activity of a host, TCP/UDP port, IP protocol, or various drops due to potential attacks. It indicates the system is under potential attack.

scootertgm Wed, 08/05/2009 - 05:50
User Badges:

When I upgraded, I went from 4.36 to 6.03 3188. Drop rules are working.

The issue is I get the following messages:

Drop Rate Exceeded N/A N/A N/A N/A N/A Aug 5, 2009 6:38:55 AM PDT

From the ASA. I can't create a drop rule for those events as it needs an IP to drop from. How would I make a rule to not see these events?

tichomir.kotek Sat, 08/08/2009 - 11:39
User Badges:

drop rules do not need an IP. just create drop rule with wizzard and then edit created drop rule and change src to ANY. should be working


This Discussion