https://community.cisco.com/t5/network-security/asa-5510/m-p/1172684#M875252 <HTML><HEAD></HEAD><BODY><P>I'm receiving the same messages on log:</P><P></P><TABLE><TBODY><TR><TD>[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5622</TD></TR></TBODY></TABLE><P></P><TABLE><TBODY><TR><TD><P>[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 31781</P><TABLE><TBODY><TR><TD>[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5915</TD></TR></TBODY></TABLE><P></P><TABLE><TBODY><TR><TD>[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 31911</TD></TR></TBODY></TABLE><P></P><TABLE><TBODY><TR><TD><P>[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5915</P><P>.</P><P>.</P><P>.</P></TD></TR></TBODY></TABLE><P></P><P></P><P></P><P></P><P></P><P></P><P>It happens all the time.</P><P> It doesn't show the source or destination.</P><P>I'm using ASDM 6.1 - ASA 5510</P><P></P><P>How can I avoid this messagens and protect from this scanning attacks?</P><P></P><P>Thank's,</P><P>Renato</P></TD></TR></TBODY></TABLE></BODY></HTML> Fri, 17 Feb 2012 15:01:26 GMT renatoaureliano 2012-02-17T15:01:26Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1172680#M875248 <P>All-</P><P>What is this message I see in the fws log?</P><P></P><P>[ Scanning] drop rate-1 exceeded.</P><P></P><P>Thanks,</P><P>Vlad</P> Mon, 11 Mar 2019 15:02:13 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1172680#M875248 hunnetvl01 2019-03-11T15:02:13Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1172681#M875249 <HTML><HEAD></HEAD><BODY><P>Please check the following link for the explannation.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4963969" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4963969</A></P></BODY></HTML> Mon, 09 Mar 2009 20:57:41 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1172681#M875249 Yudong Wu 2009-03-09T20:57:41Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1172682#M875250 <HTML><HEAD></HEAD><BODY><P>By the way "scanning drop" includes:</P><P>ACL drop, Bad packet drop, Conn limit drop, ICMP drop, Inspect drop, Interface drop and Syn attack.</P></BODY></HTML> Mon, 09 Mar 2009 21:04:12 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1172682#M875250 Yudong Wu 2009-03-09T21:04:12Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1172683#M875251 <HTML><HEAD></HEAD><BODY><P>is there a way I can check what hosts were previously shunned if now I cant see any.</P><P></P><P>I have the log which says rate exceeded but I want to see which were the shunned hosts.</P><P>I cant see any with sh threat-detection shun</P><P>Thanks,</P><P>V</P><P></P><P></P></BODY></HTML> Tue, 10 Mar 2009 13:21:03 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1172683#M875251 hunnetvl01 2009-03-10T13:21:03Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1172684#M875252 <HTML><HEAD></HEAD><BODY><P>I'm receiving the same messages on log:</P><P></P><TABLE><TBODY><TR><TD>[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5622</TD></TR></TBODY></TABLE><P></P><TABLE><TBODY><TR><TD><P>[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 31781</P><TABLE><TBODY><TR><TD>[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5915</TD></TR></TBODY></TABLE><P></P><TABLE><TBODY><TR><TD>[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 31911</TD></TR></TBODY></TABLE><P></P><TABLE><TBODY><TR><TD><P>[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5915</P><P>.</P><P>.</P><P>.</P></TD></TR></TBODY></TABLE><P></P><P></P><P></P><P></P><P></P><P></P><P>It happens all the time.</P><P> It doesn't show the source or destination.</P><P>I'm using ASDM 6.1 - ASA 5510</P><P></P><P>How can I avoid this messagens and protect from this scanning attacks?</P><P></P><P>Thank's,</P><P>Renato</P></TD></TR></TBODY></TABLE></BODY></HTML> Fri, 17 Feb 2012 15:01:26 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1172684#M875252 renatoaureliano 2012-02-17T15:01:26Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1172685#M875253 <HTML><HEAD></HEAD><BODY><P>Found Solution for drop rate-1:</P><P></P><P><A _jive_internal="true" href="https://community.cisco.com/thread/228276">https://supportforums.cisco.com/thread/228276</A><SPAN> </SPAN></P><P>The syslogs "[ Scanning] drop rate-1 exceeded." mean the you have exceeded the "Scanning attack detected" threshold.</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style-type: none; font-family: Arial, verdana, sans-serif;">Shows a threshold that you exceeded.</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style-type: none; font-family: Arial, verdana, sans-serif;">But threat detection will not drop unless you tell it to.</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style-type: none; font-family: Arial, verdana, sans-serif;">The default behavior is to just alert (generate syslog).</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style-type: none; font-family: Arial, verdana, sans-serif;">So I would like to know if drop rate-2 is the same.</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style-type: none; font-family: Arial, verdana, sans-serif;">Thank's.</P><P></P><P></P><P><SPAN><BR /></SPAN></P></BODY></HTML> Fri, 17 Feb 2012 19:31:49 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1172685#M875253 renatoaureliano 2012-02-17T19:31:49Z