https://community.cisco.com/t5/network-security/asa-error-message-is-my-network-under-attack/m-p/1575258#M578785 <HTML><HEAD></HEAD><BODY><P>Great reply.</P><P>Thank you very much.</P></BODY></HTML> Sat, 04 Dec 2010 16:49:22 GMT Russell Pearson 2010-12-04T16:49:22Z https://community.cisco.com/t5/network-security/asa-error-message-is-my-network-under-attack/m-p/1575256#M578783 <P>Hey there,</P><P>My network has been slow and I'm looking in the asa logs.<BR />I see the following message...<BR />Dec 03 2010 14:32:34: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 11 per second, max configured rate is 10; Current average rate is 2 per second, max configured rate is 5; Cumulative total count is 1302</P><P>What exactly does this mean?<BR />Is it a vulnerable network/device attack, or intended as a DOS attack?<BR />If so, what can I do to stop it?</P><P>Thanks in advance.</P> Mon, 11 Mar 2019 19:18:08 GMT https://community.cisco.com/t5/network-security/asa-error-message-is-my-network-under-attack/m-p/1575256#M578783 Russell Pearson 2019-03-11T19:18:08Z https://community.cisco.com/t5/network-security/asa-error-message-is-my-network-under-attack/m-p/1575257#M578784 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You're seeing those messages because the threat-detection feature on the ASA is enabled and it is letting you know that the ASA was dropping packets at a burst rate of 11 per second. This message is intended as an alert that the ASA is dropping a significant amount of packets that is beyond the configured threshold (10).</P><P></P><P>To see what packets are being dropped, you can do a 'show asp drop'. This will give you the number of packets that have been dropped by the ASA and the reasons they were dropped. The best way to troubleshoot this is to do 'clear asp drop' to reset the counters and then configure an ASP drop capture with the 'capture drop type asp-drop all' command. Once this is setup, you can use 'show asp drop' and 'show capture drop' to understand what specific packets are being dropped and why. This will give you an indication if the messages are referring to a network attack, a configuration problem, or if this is just a normal rate of dropped packets for your environment.</P><P></P><P>Here is a list of the various drop reasons and their explanations:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s2.html#wp1435096">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s2.html#wp1435096</A></P><P></P><P>And here is an explanation of the syslog message you're seeing, which includes some recommended actions:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4963969">http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4963969</A></P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Sat, 04 Dec 2010 14:54:44 GMT https://community.cisco.com/t5/network-security/asa-error-message-is-my-network-under-attack/m-p/1575257#M578784 mirober2 2010-12-04T14:54:44Z https://community.cisco.com/t5/network-security/asa-error-message-is-my-network-under-attack/m-p/1575258#M578785 <HTML><HEAD></HEAD><BODY><P>Great reply.</P><P>Thank you very much.</P></BODY></HTML> Sat, 04 Dec 2010 16:49:22 GMT https://community.cisco.com/t5/network-security/asa-error-message-is-my-network-under-attack/m-p/1575258#M578785 Russell Pearson 2010-12-04T16:49:22Z