05-15-2012 09:48 AM - edited 03-11-2019 04:07 PM
I see following message very frequent on ASA ASDM Syslog messages window; what could be possible reason of these messages and what is the remedy to it.
[ Scanning] drop rate-1 exceeded. Current burst rate is 42 per second, max configured rate is 10; Current average rate is 60 per second, max configured rate is 5; Cumulative total count is 36350
05-15-2012 10:17 AM
those are produced by threat detection features.
show run all threat-detection
will all you to see all settings.
05-15-2012 10:18 AM
Should I ignore these messages?
05-15-2012 10:25 AM
That's up to you :-)
The defaults are pretty OK, but it's hard to configure something that would be optimal for everyone.
More info:
http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4963969
05-15-2012 10:28 AM
My understanding is there is no harm of these messages and these messages just give the alert about attack; am I correct?
05-15-2012 10:35 AM
It's not only that.
There is certain level of "inteligence" built into TD that should catch detect attack.
But riddle me this, how is TD supposed to differentiate between an actual attack and a misconfigured network device flooding/looping packets.
A typical scenario I saw causing this, syslog/snmp packets sent through the firewall coincidentally were treated as an attack because of the amount of packets in short bursts. In this case the root cause turned out ot be ops personel setting logging level to high for some unrelated troubleshooting session and not setting it back.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: