Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-33
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
----------------------------------------------------------------
Name: dns-guard-out-of-app-id
DNS Guard out of App ID:
This counter will increment when the DNS Guard function fails to allocate a data
structure to store the identification of the DNS message.
Recommendation:
Check the system memory usage.This event normally happens when the system runs short
of memory.
Syslogs:
None.
----------------------------------------------------------------
Name: dns-guard-id-not-matched
DNS Guard ID not matched:
This counter will increment when the identification of the DNS response message does
not match any DNS queries that passed across the appliance earlier on the same
connection.This counter will increment by the DNS Guard function.
Recommendation:
No action required if it is an intermittent event.If the cause is an attack, you can
deny the host using the ACLs.
Syslogs:
None.
----------------------------------------------------------------
Name: inspect-rtp-invalid-length
Invalid RTP Packet length:
This counter will increment when the UDP packet length is less than the size of the
RTP header.
Recommendation:
No action required.A capture can be used to figure out which RTP source is sending the
incorrect packets and you can deny the host using the ACLs.
Syslogs:
None.
----------------------------------------------------------------
Name: inspect-rtp-invalid-version
Invalid RTP Version field:
This counter will increment when the RTP version field contains a version other than 2.
Recommendation:
The RTP source in your network does not seem to be sending RTP packets conformant with
the RFC 1889.The reason for this has to be identified and you can deny the host using ACLs
if required.
Syslogs:
431001.
----------------------------------------------------------------
Name: inspect-rtp-invalid-payload-type
Invalid RTP Payload type field:
This counter will increment when the RTP payload type field does not contain an audio
payload type when the signalling channel negotiated an audio media type for this RTP
secondary connection.The counter increments similarly for the video payload type.