Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

[Scanning] drop rate-1 exceeded - causing PIX to drop

I am getting the following message in PIX-515 log file:

[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 2 per second, max configured rate is 5; Cumulative total count is 1283

Pix is running Security Appliance Software Version 8.0(2)

I found on Cisco Web explanation that this is a "scanning attack" but I have no clue how to troubleshoot it. Anybody have experience with this kind of situation?

This is causing PIX to drop connection between my serveres and application need to be restarted manually which is causing company wide havoc.

Any help appreciated


Re: [Scanning] drop rate-1 exceeded - causing PIX to drop

The specified object in the system log message has exceeded the specified burst threshold rate or average threshold rate. The object can be drop activity of a host, TCP/UDP port, IP protocol, or various drops due to potential attacks. It indicates the system is under potential attack.

CreatePlease to create content