Hi Kabeer,
That is because of the threat detection value set on your ASA. This might be an attack.
Because of the scanning rate configured and the
threat-detection rate scanning-rate 3600
average-rate 15
command:
%ASA-4-733100: [144.60.88.2] drop rate-2 exceeded. Current burst rate is 0 per
second, max configured rate is 8; Current average rate is 5 per second, max
configured rate is 4; Cumulative total count is 38086
Recommended Action
Perform the following steps
according to the specified
object type that appears
in the message:
1.
If the object in the message is one of the following:
–
Firewall
–
Bad pkts
–
Rate limit
–
DoS attck
–
ACL drop
–
Conn limit
–
ICMP attck
–
Scanning
–
SYN attck
–
Inspect
–
Interface
Check whether the drop rate is ac
ceptable for the running environment.
2.
Adjust the threshold rate of the particular drop to an appropriate value by using the
threat-detection rate
xxx command, where
xxx
is one of the following:
–
acl-drop
–
bad-packet-drop
–
conn-limit-drop
–
dos-drop
–
fw-drop
–
icmp-drop
–
inspect-drop
–
interface-drop
–
scanning-threat
–
syn-attack
3.
If the object in the message is a TCP or UDP port
, an IP address, or a
host drop, check whether
or not the drop rate is accepta
ble for the running environment.
4.
Adjust the threshold rate of the particular drop to an appropriate value by using the
threat-detection rate bad-packet-drop
command.
Note
If you do not want the drop rate exceed warning to appear, you can disable it by using
the
no threat-detection basic-threat command.
You can refer the below mentioned cisco document for more information.
http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs.pdf
Regards
Karthik
