Error messages on ASA

Unanswered Question
May 15th, 2012

I see following message very frequent on ASA ASDM Syslog messages window; what could be possible reason of these messages and what is the remedy to it.

[ Scanning] drop rate-1 exceeded. Current burst rate is 42 per second, max configured rate is 10; Current average rate is 60 per second, max configured rate is 5; Cumulative total count is 36350

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Marcin Latosiewicz Tue, 05/15/2012 - 10:17

those are produced by threat detection features.

show run all threat-detection   

will all you to see all settings.

rehan_uet Tue, 05/15/2012 - 10:28

My understanding is there is no harm of these messages and these messages just give the alert about attack; am I correct?

Marcin Latosiewicz Tue, 05/15/2012 - 10:35

It's not only that.

There is certain level of "inteligence" built into TD that should catch detect attack.

But riddle me this, how is TD supposed to differentiate between an actual attack and a misconfigured network device flooding/looping packets.

A typical scenario I saw causing this, syslog/snmp packets sent through the firewall coincidentally were treated as an attack because of the amount of packets in short bursts. In this case the root cause turned out ot be ops personel setting logging level to high for some unrelated troubleshooting session and not setting it back.

Actions

Login or Register to take actions

This Discussion

Posted May 15, 2012 at 9:48 AM
Stats:
Replies:5 Avg. Rating:
Views:222 Votes:0
Shares:0

Related Content

Discussions Leaderboard

Rank Username Points
1 7,861
2 6,140
3 3,170
4 1,473
5 1,446