ASA 5505 Dispatch CPU 100% DNS Inspect

Unanswered Question
Jan 15th, 2014
User Badges:

Hello Forum,


We have a 5505 that is getting nailed with DNS traffic and pegging the proc since an upgrade to 8.2.5 (See below).  It looks like legitimate traffic for the most part, but it is truly tough to tell. 


Global policy:

  Service-policy: global_policy

    Class-map: inspection_default

      Inspect: dns preset_dns_map, packet 132510954, drop 14650969, reset-drop 0

      Inspect: ftp, packet 1308, drop 0, reset-drop 0

      Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0

      Inspect: netbios, packet 32838, drop 0, reset-drop 0

      Inspect: rsh, packet 0, drop 0, reset-drop 0

      Inspect: rtsp, packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: skinny , packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: esmtp _default_esmtp_map, packet 27460, drop 0, reset-drop 0

      Inspect: sqlnet, packet 0, drop 0, reset-drop 0

      Inspect: sunrpc, packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: tftp, packet 0, drop 0, reset-drop 0

      Inspect: sip , packet 359728, drop 15, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: xdmcp, packet 0, drop 0, reset-drop 0

      Inspect: ip-options _default_ip_options_map, packet 0, drop 0, reset-drop 0




show processes cpu-usage sorted non-zero

PC         Thread       5Sec     1Min     5Min   Process

081a86c4   c69ab3c8    97.9%    98.0%    96.3%   Dispatch Unit

08c15df6   c69a5548     1.1%     1.0%     1.1%   Logger

08bde96c   c698e520     0.2%     0.2%     1.6%   ssh

0812904c   c69a1a38     0.1%     0.1%     0.1%   CTM message handler

093315a4   c69a0490     0.1%     0.1%     0.1%   esw_stats




Can anyone point me in a direction to prevent this?  This never occured prior to an upgrade from 7.2 to 8.2.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion