Error messages on ASA

Unanswered Question
May 15th, 2012
User Badges:

I see following message very frequent on ASA ASDM Syslog messages window; what could be possible reason of these messages and what is the remedy to it.

[ Scanning] drop rate-1 exceeded. Current burst rate is 42 per second, max configured rate is 10; Current average rate is 60 per second, max configured rate is 5; Cumulative total count is 36350

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcin Latosiewicz Tue, 05/15/2012 - 10:17
User Badges:
  • Cisco Employee,

those are produced by threat detection features.

show run all threat-detection   

will all you to see all settings.

rehan_uet Tue, 05/15/2012 - 10:28
User Badges:

My understanding is there is no harm of these messages and these messages just give the alert about attack; am I correct?

Marcin Latosiewicz Tue, 05/15/2012 - 10:35
User Badges:
  • Cisco Employee,

It's not only that.

There is certain level of "inteligence" built into TD that should catch detect attack.

But riddle me this, how is TD supposed to differentiate between an actual attack and a misconfigured network device flooding/looping packets.

A typical scenario I saw causing this, syslog/snmp packets sent through the firewall coincidentally were treated as an attack because of the amount of packets in short bursts. In this case the root cause turned out ot be ops personel setting logging level to high for some unrelated troubleshooting session and not setting it back.


This Discussion

Related Content