ASA CSC-SSM - Drop Rate Exceeded
04-04-2009 10:50 PM - edited 03-11-2019 08:14 AM
Hi,
On ASA 5520 with CSC-SSM, I am getting the below log message. What does it mean?
4|Apr 05 2009 09:45:52|733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 13 per second, max configured rate is 5; Cumulative total count is 8155
04-09-2009 03:14 PM
Recommended Action:
Perform these steps according to the specified object type that appears in the message:
1. If the object in the syslog message is one of these:
   * Firewall
   * Bad pkts
   * Rate limit
   * DoS attack
   * ACL drop
   * Conn limit
   * ICMP attk
   * Scanning
   * SYN attck
   * Inspect
   * Interface

   Check whether the drop rate is acceptable for the running environment.
2. Adjust the threshold rate of the particular drop to an appropriate value by running the threat-detection rate xxx command, where xxx is one of these:
   * acl-drop
   * bad-packet-drop
   * conn-limit-drop
   * dos-drop
   * fw-drop
   * icmp-drop
   * inspect-drop
   * interface-drop
   * scanning-threat
   * syn-attack
3. If the object in the syslog message is a TCP or UDP port, an IP protocol, or a host drop, check whether the drop rate is acceptable for the running environment.
4. Adjust the threshold rate of the particular drop to an appropriate value by running the threat-detection rate bad-packet-drop command. Refer to the Configuring Basic Threat Detection section of the ASA 8.0 Configuration Guide for more information.
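Added example, not part of the original posts and not Cisco code: a Python parser for the 733100 message quoted in the question that reports which threshold was exceeded and which threat-detection rate keyword from the answer applies. The pairing of object names with keywords and the strict greater-than comparison are assumptions.

```python
import re

# Object names and rate keywords both come from the answer above;
# pairing them by name is an assumption. "Rate limit" has no keyword listed.
KEYWORD = {
    "Firewall": "fw-drop", "Bad pkts": "bad-packet-drop",
    "DoS attack": "dos-drop", "ACL drop": "acl-drop",
    "Conn limit": "conn-limit-drop", "ICMP attk": "icmp-drop",
    "Scanning": "scanning-threat", "SYN attck": "syn-attack",
    "Inspect": "inspect-drop", "Interface": "interface-drop",
}

# Field layout taken from the log line in the question.
PATTERN = re.compile(
    r"733100: \[\s*(?P<object>[^\]]+?)\s*\] drop rate-(?P<rate_id>\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, "
    r"max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, "
    r"max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)"
)

def parse_733100(line):
    """Return a dict of the message fields, or None if the line is not 733100."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = {k: (v if k == "object" else int(v)) for k, v in m.groupdict().items()}
    # Assumption: a threshold counts as exceeded when the current rate is
    # strictly greater than the configured maximum.
    rec["exceeded"] = [
        name for name, cur, lim in (("burst", rec["burst"], rec["burst_max"]),
                                    ("average", rec["avg"], rec["avg_max"]))
        if cur > lim
    ]
    rec["keyword"] = KEYWORD.get(rec["object"])  # None for ports, hosts, etc.
    return rec

# The log line from the question, split only for readability.
SAMPLE = ("4|Apr 05 2009 09:45:52|733100: [ Scanning] drop rate-1 exceeded. "
          "Current burst rate is 10 per second, max configured rate is 10; "
          "Current average rate is 13 per second, max configured rate is 5; "
          "Cumulative total count is 8155")

if __name__ == "__main__":
    rec = parse_733100(SAMPLE)
    print(rec["object"], rec["exceeded"], "-> threat-detection rate", rec["keyword"])
```

For the message in the question, the average rate (13 against a configured 5) is the threshold that tripped, while the burst rate sits at its limit.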
