Drop Rate Exceeded

Unanswered Question
Jul 30th, 2009

I just upgraded our MARS to 6.03 and I am getting this message from our ASA. I was simply going to place in a drop rule, but there is no IP address to use for the rule. The IP addresses are all NA.

Drop Rate Exceeded N/A 0 N/A N/A N/A

Can I create a rule to drop this alert?

aghaznavi Wed, 08/05/2009 - 05:33

After you upgrade MARS from version 6.0.2 to 6.0.3, it appears that drop rules are ignored.

Update your MARS with the patch release 6.0.3 (3188) (csmars- in order to correct the potential issues with drop rules.


The specified object in the system log message has exceeded the specified burst threshold rate or average threshold rate. The object can be drop activity of a host, TCP/UDP port, IP protocol, or various drops due to potential attacks. It indicates the system is under potential attack.

scootertgm Wed, 08/05/2009 - 05:50

When I upgraded, I went from 4.36 to 6.03 3188. Drop rules are working.

The issue is I get the following messages:

Drop Rate Exceeded N/A N/A N/A N/A N/A Aug 5, 2009 6:38:55 AM PDT

From the ASA. I can't create a drop rule for those events as it needs an IP to drop from. How would I make a rule to not see these events?

tichomir.kotek Sat, 08/08/2009 - 11:39

Drop rules do not need an IP. Just create a drop rule with the wizard, then edit the created drop rule and change src to ANY. Should be working.

