
Scanning threat 733100 not showing source, destination or port

TPSupport298
Level 1

Running ASA 5510 with Software Version 8.2(2)

Device Manager 6.2(5)

We have threat detection enabled and shunning of hosts enabled.

 

We are seeing consistent logging of event 733100:

4  Sep 30 2014  10:12:59  733100  [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 7 per second, max configured rate is 5; Cumulative total count is 4383

The source and destination IPs are not being shown for any of these scans. Is there a setting that I am missing? Obviously we cannot shun any hosts if we don't have a host IP address.

Any input would be greatly appreciated.

 

Thanks

Jack

1 Reply

Vibhor Amrodia
Cisco Employee

Hi Jack,

As per your description, I think you only have the Basic Threat Detection enabled on the ASA device.

This syslog will never show the IP address. If you want to check the statistics on a per-IP-address basis, you would have to configure the Threat Detection Statistics on the ASA device:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_threat.html#wp1091680

Thanks and Regards,

Vibhor Amrodia
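
As an added illustration (not part of either post, and not Cisco code): a small Python parser for the 733100 message quoted in the question, showing that the format carries only a drop object and rate counters, and which of the two reported rates was above its configured maximum. The function names are hypothetical and the second sample line is constructed.

```python
import re

# Body of ASA syslog 733100: a drop object and rate counters, no address or port.
MSG_733100 = re.compile(
    r"\[\s*(?P<object>[^\]]+?)\s*\]\s+drop\s+rate-(?P<rate_id>\d+)\s+exceeded\.\s+"
    r"Current burst rate is (?P<burst>\d+) per second, "
    r"max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, "
    r"max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)"
)

def parse_733100(line):
    """Return the fields of a 733100 message, or None for any other line."""
    m = MSG_733100.search(line)
    if m is None:
        return None
    f = {k: v if k == "object" else int(v) for k, v in m.groupdict().items()}
    # Compare each reported rate with the configured maximum printed beside it.
    f["tripped"] = [name for name, cur, cap in (
        ("burst", f["burst"], f["burst_max"]),
        ("average", f["avg"], f["avg_max"]),
    ) if cur > cap]
    return f

def summarize(lines):
    """Per drop object: event count, thresholds seen tripped, latest total."""
    out = {}
    for line in lines:
        f = parse_733100(line)
        if f is None:
            continue
        e = out.setdefault(f["object"], {"events": 0, "tripped": set(), "total": 0})
        e["events"] += 1
        e["tripped"].update(f["tripped"])
        e["total"] = f["total"]
    return out

# First entry: message text from the question. Second: constructed non-matching line.
SAMPLE = [
    "733100 [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, "
    "max configured rate is 10; Current average rate is 7 per second, "
    "max configured rate is 5; Cumulative total count is 4383",
    "constructed: unrelated log line",
]

if __name__ == "__main__":
    for obj, info in summarize(SAMPLE).items():
        print(obj, info["events"], sorted(info["tripped"]), info["total"])
```

For the message in the question, only the average rate (7 against a configured 5) is above its maximum; the burst rate (2 against 10) is not.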

 
