
How can I see the source of these packets?

emilio1973
Level 1

Hi all,

On my ASA log, I can see this message (add image). I wonder what the source of these packets is. I configured a capture, but I don't know what the command is to see packets that were dropped by threat-detection:

capture TEST_CAPTURE type asp-drop ??

Thanks in advance

2 Replies

varrao
Level 10

Hi Emilio,

It's not a packet sent by any source; it is a warning message generated by the basic threat detection enabled on your ASA by default. To read more about the syslog, you can refer to this:

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4963969

Thanks,
Varun Rao
Security Team,
Cisco TAC


Hi Varun, thanks for the reply:

I don't understand what you mean by "It's not a packet sent by any source". I'll try to explain better, although my English is not very good. The ASA works only as the head end of VPN connections, and my doubt is whether these dropped "packets" are legitimate but sent at too high a rate. And if there are packets that otherwise might be? I'm very confused by this:

The threat detection feature can be described by the following three levels:

Basic threat detection: Monitors the average and burst rate of dropped packets and security events over an interval; generates a logging message when a threshold is exceeded

Advanced threat detection: Gathers statistics for both allowed and denied packets for objects such as hosts, protocols, ports, and access lists; generates a logging message when the TCP Intercept rate exceeds a threshold

Scanning threat detection: Maintains a database of suspicious activity for each host; can detect a host that is scanning for vulnerable targets based on the average and burst rates of scanning events; generates logging messages and can automatically shun attacking hosts

You can configure threat detection in phases, adding more progressive levels as needed. Be aware that advanced and scanning threat detection can tax the ASA resources because they monitor and gather extensive and granular information.

Thanks for your time
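
A simplified model of the levels quoted above, added as an example (not Cisco's implementation and not part of the thread): an aggregate average/burst drop-rate check, which raises an alert carrying no source address, beside a per-host tally of the same drops. The window lengths, limits, function names and sample drops are constructed assumptions.

```python
from collections import Counter

# Constructed sample: (timestamp in seconds, source IP) for each dropped packet.
# Addresses are from the RFC 5737 documentation ranges.
DROPS = [(float(t), "198.51.100.7") for t in range(0, 60, 2)]   # steady trickle
DROPS += [(50 + i / 10, "203.0.113.9") for i in range(100)]     # 10-second burst

# Assumed settings for this model (not ASA defaults).
AVG_INTERVAL = 60      # seconds covered by the average rate
BURST_INTERVAL = 10    # seconds covered by the burst rate
AVG_LIMIT = 5.0        # drops/sec
BURST_LIMIT = 8.0      # drops/sec


def in_window(drops, now, interval):
    """Drops whose timestamp falls in [now - interval, now)."""
    return [(t, src) for t, src in drops if now - interval <= t < now]


def rate_alerts(drops, now, avg_limit=AVG_LIMIT, burst_limit=BURST_LIMIT):
    """Aggregate check: two drop rates against two limits.

    The result names the rate that was exceeded and its value only.
    Source addresses are never consulted, so the alert cannot name one.
    """
    avg_rate = len(in_window(drops, now, AVG_INTERVAL)) / AVG_INTERVAL
    burst_rate = len(in_window(drops, now, BURST_INTERVAL)) / BURST_INTERVAL
    alerts = []
    if avg_rate > avg_limit:
        alerts.append(("average", avg_rate))
    if burst_rate > burst_limit:
        alerts.append(("burst", burst_rate))
    return alerts


def top_sources(drops, now, interval=BURST_INTERVAL, n=3):
    """Per-host tally of the same drops: the kind of per-object statistic
    that answers "who sent these?", at the cost of tracking every host."""
    counts = Counter(src for _, src in in_window(drops, now, interval))
    return counts.most_common(n)


if __name__ == "__main__":
    print("alerts:", rate_alerts(DROPS, now=60))
    print("top sources in burst window:", top_sources(DROPS, now=60))
```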
