Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-20
Cisco ASA Series 명령 참조 , S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
This counter is incremented and the packet is dropped when the appliance receives a
TCP packet with a non-standard TCP header option.
Recommendations:
To allow such TCP packets or clear non-standard TCP header options and then allow the
packet, use tcp-options configuration under tcp-map.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-mss-exceeded
TCP data exceeded MSS:
This counter is incremented and the packet is dropped when the appliance receives a
TCP packet with data length greater than the MSS advertised by peer TCP endpoint.
Recommendations:
To allow such TCP packets use exceed-mss configuration under tcp-map
Syslogs:
4419001
----------------------------------------------------------------
Name: tcp-synack-data
TCP SYNACK with data:
This counter is incremented and the packet is dropped when the appliance receives a
TCP SYN-ACK packet with data.
Recommendations:
The packet corruption may be caused by a bad cable or noise on the line. It may also
be that a TCP endpoint is sending corrupted packets and an attack is in progress. Please
use the packet capture feature to learn more about the origin of the packet.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-syn-data
TCP SYN with data:
This counter is incremented and the packet is dropped when the appliance receives a
TCP SYN packet with data.
Recommendations:
To allow such TCP packets use syn-data configuration under tcp-map.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-dual-open
TCP Dual open denied:
This counter is incremented and the packet is dropped when the appliance receives a
TCP SYN packet from the server, when an embryonic TCP connection is already open.
Recommendations:
None
Syslogs:
None