01-31-2012 07:51 AM - edited 03-11-2019 03:21 PM
I have threat-detection set up like the following:
threat-detection rate scanning-threat rate-interval 600 average-rate 6 burst-rate 20
threat-detection rate scanning-threat rate-interval 1200 average-rate 5 burst-rate 15
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 10.1.0.0 255.255.0.0
threat-detection scanning-threat shun except ip-address 10.2.0.0 255.255.0.0
threat-detection scanning-threat shun except ip-address 10.1.0.40 255.255.255.255
threat-detection scanning-threat shun except ip-address 10.4.5.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 10.1.5.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 10.2.5.0 255.255.255.0
threat-detection scanning-threat shun duration 3600
threat-detection statistics host
threat-detection statistics port
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
1/31/2012 7:05:29 AM | %ASA-4-733100: [ Scanning] drop rate-3 exceeded. Current burst rate is 9 per second, max configured rate is 8; Current average rate is 0 per second, max configured rate is 4; Cumulative total count is 3290 |
1/31/2012 7:05:09 AM | %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 26 per second, max configured rate is 20; Current average rate is 2 per second, max configured rate is 6; Cumulative total count is 1590 |
1/31/2012 7:05:09 AM | %ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 20 per second, max configured rate is 15; Current average rate is 1 per second, max configured rate is 5; Cumulative total count is 1713 |
1/31/2012 7:04:29 AM | %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 31 per second, max configured rate is 20; Current average rate is 1 per second, max configured rate is 6; Cumulative total count is 792 |
1/31/2012 7:04:29 AM | %ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 15 per second, max configured rate is 15; Current average rate is 0 per second, max configured rate is 5; Cumulative total count is 919 |
1/31/2012 6:22:31 AM | %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 20 per second, max configured rate is 20; Current average rate is 1 per second, max configured rate is 6; Cumulative total count is 805 |
The devices that are generating them (I believe) are IP phones. They are the devices listed in the 10.x.5.0/24 range.
When I do a 'show shun' I get nothing back.
What gives?
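An added example, not part of the original post and not Cisco tooling: Python that parses the posted "shun except" entries and %ASA-4-733100 messages, reports which threshold each message reached, and checks whether a host falls inside a network listed under "shun except". The host addresses 10.1.5.20 and 10.3.5.20 and all function names are constructed for illustration.

```python
import ipaddress
import re

# "shun except" lines copied from the configuration in the post.
CONFIG = """\
threat-detection scanning-threat shun except ip-address 10.1.0.0 255.255.0.0
threat-detection scanning-threat shun except ip-address 10.2.0.0 255.255.0.0
threat-detection scanning-threat shun except ip-address 10.1.0.40 255.255.255.255
threat-detection scanning-threat shun except ip-address 10.4.5.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 10.1.5.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 10.2.5.0 255.255.255.0
"""
# Two of the posted syslog messages (timestamps trimmed).
LOGS = [
    "%ASA-4-733100: [ Scanning] drop rate-3 exceeded. Current burst rate is 9 per second, max configured rate is 8; Current average rate is 0 per second, max configured rate is 4; Cumulative total count is 3290",
    "%ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 15 per second, max configured rate is 15; Current average rate is 0 per second, max configured rate is 5; Cumulative total count is 919",
]
EXCEPT_RE = re.compile(r"shun except ip-address (\S+) (\S+)")
MSG_RE = re.compile(
    r"%ASA-4-733100: \[\s*[^\]]+\] drop (?P<rate_id>rate-\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)")

def shun_exempt_networks(config):
    """Return the address/mask pairs from 'shun except' lines as networks."""
    return [ipaddress.ip_network(f"{a}/{m}") for a, m in EXCEPT_RE.findall(config)]

def is_exempt(host, networks):
    """True if host lies inside any network listed under 'shun except'."""
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in networks)

def parse_733100(line):
    """Extract the rates from one 733100 message; None if it does not match."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    f = {k: int(v) for k, v in m.groupdict().items() if k != "rate_id"}
    f["rate_id"] = m["rate_id"]
    # The posted messages fire with burst equal to the maximum, so compare with >=.
    f["burst_tripped"] = f["burst"] >= f["burst_max"]
    f["avg_tripped"] = f["avg"] >= f["avg_max"]
    return f

if __name__ == "__main__":
    nets = shun_exempt_networks(CONFIG)
    for host in ("10.1.5.20", "10.3.5.20"):  # constructed sample addresses
        print(host, "exempt from shun:", is_exempt(host, nets))
    for line in LOGS:
        print(parse_733100(line))
```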