
threat detection in ASA 5505

 

Hi Everyone,

I am seeing this log in ASA:

May 23 2014 22:03:40: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 26 per second, max configured rate is 10; Current average rate is 3 per second, max configured rate is 5; Cumulative total count is 2252

 

May 22 2014 20:48:53: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 10; Current average rate is 1 per second, max configured rate is 5; Cumulative total count is 716

I checked:

ASA1# sh conn
28 in use, 567 most used

 

ASA1# sh threat-detection statistics
Top          Name   Id    Average(eps)    Current(eps) Trigger      Total events
  1-hour ACL  hits:
01  inside_access_in/37.1               1               0       0              4542
02  outside_access_in/1               1               0       0              3688
03  inside_access_in/29.1               0               0       0               656
04  inside_access_in/37.4               0               0       0               546
05  inside_access_in/38               0               0       0                36
06  inside_access_in/29.2               0               0       0                34
07  sales_access_in/6                0               0       0                15
08  inside_access_in/27.1               0               0       0                 9
09  inside_access_in/26.2               0               0       0                 4
10  inside_access_in/18               0               0       0                 2
  8-hour ACL  hits:
01  inside_access_in/37.1               0               1       0              6030
02  outside_access_in/1               0               0       0              4118
03  inside_access_in/29.1               0               0       0              1230
04  inside_access_in/37.4               0               0       0               912
05  inside_access_in/38               0               0       0               113
06  sales_access_in/6                0               0       0                92
07  inside_access_in/27.1               0               0       0                57
08  inside_access_in/29.2               0               0       0                50
09  inside_access_in/26.2               0               0       0                17
10  inside_access_in/10               0               0       0                 7
 24-hour ACL  hits:
01  inside_access_in/37.1               0               1       0              7286
02  outside_access_in/1               0               0       0              6301
03  inside_access_in/29.1               0               0       0              1595
04  inside_access_in/37.4               0               0       0              1152
05  inside_access_in/38               0               0       0               409
06  inside_access_in/27.1               0               0       0               296
07  sales_access_in/6                0               0       0               217
08  inside_access_in/29.2               0               0       0                63
09  inside_access_in/26.2               0               0       0                59
10  inside_access_in/18               0               0       0                18

 

ASA1# sh threat-detection rate
                          Average(eps)    Current(eps) Trigger      Total events
  10-min ACL  drop:                  2               0       0              1517
  1-hour ACL  drop:                  1               1       0              4641
  1-hour SYN attck:                  0               0       0                31
  10-min  Scanning:                  3               0     205              2258
  1-hour  Scanning:                  1               1       7              6841
  10-min Bad  pkts:                  1               0       0               734
  1-hour Bad  pkts:                  0               0       0              2123
  10-min  Firewall:                  3               0       0              2258
  1-hour  Firewall:                  1               1       0              6810
  10-min DoS attck:                  0               0       0                 7
  1-hour DoS attck:                  0               0       0                46
  10-min Interface:                  4               0       0              2537
  1-hour Interface:                  2               2       0              7950

 

Need to know why I am getting this message?

What should I look for on the ASA to know whether some bad traffic or an attack on the ASA is going on or not?

How can I confirm that the ASA is working fine despite these log messages?

Regards

Mahesh

1 REPLY

Are there any scans being performed on your network? Perhaps a user or network monitoring solution? You can configure the "shun" option so the ASA places a block on the source host(s), but I don't recommend this until you know what's causing the syslog.
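An added example, not part of the original thread: a small Python parser for the %ASA-4-733100 lines quoted in the question, showing which of the two reported rates (burst or average) is above its configured maximum in each message. The function names are hypothetical and the field layout is taken only from the two lines in the post.

```python
import re
from datetime import datetime

# The two syslog lines quoted in the post, copied verbatim.
SAMPLE_LOG = """\
May 23 2014 22:03:40: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 26 per second, max configured rate is 10; Current average rate is 3 per second, max configured rate is 5; Cumulative total count is 2252
May 22 2014 20:48:53: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 10; Current average rate is 1 per second, max configured rate is 5; Cumulative total count is 716
"""

# Field layout taken from those two lines only; other categories are assumed
# to follow the same wording.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2}): %ASA-4-733100: "
    r"\[\s*(?P<category>[^\]]+?)\s*\] drop (?P<rate_id>rate-\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, "
    r"max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, "
    r"max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)"
)

def parse_733100(text):
    """Return one dict per 733100 line, oldest first; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = {k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()}
        ev["ts"] = datetime.strptime(" ".join(ev["ts"].split()), "%b %d %Y %H:%M:%S")
        # Which of the two reported rates is above its configured maximum.
        ev["over"] = [name for name, cur, cap in (
            ("burst", ev["burst"], ev["burst_max"]),
            ("average", ev["avg"], ev["avg_max"])) if cur > cap]
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def summarize(events):
    """Per (category, rate id): event count, peak burst, limits exceeded."""
    out = {}
    for ev in events:
        s = out.setdefault((ev["category"], ev["rate_id"]),
                           {"events": 0, "peak_burst": 0, "over": set()})
        s["events"] += 1
        s["peak_burst"] = max(s["peak_burst"], ev["burst"])
        s["over"].update(ev["over"])
    return out

if __name__ == "__main__":
    for key, stats in summarize(parse_733100(SAMPLE_LOG)).items():
        print(key, stats)
```

For both quoted messages only the burst rate is over its limit (26 and 14 against 10); the average rate stays under the configured 5.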
