
Query regarding %ASA-4-733100 and %ASA-4-419002

fletcher1001
Level 1

Hi

 

I have a customer who lost connectivity to various servers for 20 minutes a few days ago.

Looking in the logs at the time of the issue, the following was seen:

 

%ASA-4-733100  [ Scanning] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 13 per scond, max configured rate is 4; Cumulative total count is 50085

 

We have this set to 

threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8 <<default

 

So it's over the threshold, but does this mean that traffic would then be dropped? The firewall is configured with basic-threat:

threat-detection basic-threat
threat-detection statistics access-list

 

At the same time, there were also loads of 

 

%ASA-4-419002: Duplicate TCP SYN from outside:51.132.49.118/1091 to <redacted> with different initial sequence number

 

So the question is: if a scanning threat is detected, will the firewall be dropping all connectivity to a destination IP? From what I read in the Cisco document, %ASA-4-733100 is informational only; is that correct?

 

 
