Cisco ASA 5510 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, S Commands

3 show as-path-access-list through show auto-update Commands
  show asp drop
    This counter will increment when the appliance detects an invalid DNS packet. 
Examples: A DNS packet with no DNS header; the number of DNS resource records not matching 
the counter in the header; etc.
Recommendation:
    No action required.
Syslogs:
    None.
----------------------------------------------------------------
Name: inspect-dns-invalid-domain-label
DNS Inspect invalid domain label:
    This counter will increment when the appliance detects an invalid DNS domain name or 
label. The DNS domain name and label are checked per RFC 1035.
Recommendation:
    No action required. If the domain name and label check is not desired, disable the 
protocol-enforcement parameter in the DNS inspection policy-map (in supported releases).
Syslogs:
    None.
----------------------------------------------------------------
Name: inspect-dns-pak-too-long
DNS Inspect packet too long:
    This counter is incremented when the length of the DNS message exceeds the configured 
maximum allowed value.
Recommendation:
    No action required.  If DNS message length checking is not desired, enable DNS 
inspection without the 'maximum-length' option, or disable the 'message-length maximum' 
parameter in the DNS inspection policy-map (in supported releases).
Syslogs:
    410001
----------------------------------------------------------------
Name: inspect-dns-out-of-app-id
DNS Inspect out of App ID:
    This counter will increment when the DNS inspection engine fails to allocate a data 
structure to store the identification of the DNS message. 
Recommendation:
    Check the system memory usage. This event normally happens when the system runs short 
of memory.
Syslogs:
    None.
----------------------------------------------------------------
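The checks behind these DNS inspection counters, modeled in Python over constructed messages. This is an added example, not Cisco's code and not part of the original reference. The 512-byte limit, the order of the checks, the reason strings and the helper names are assumptions; the response-ID check corresponds to the inspect-dns-id-not-matched entry that follows.

```python
import struct
MAX_LEN = 512  # assumed 'message-length maximum' value (not from the page)
class LabelError(ValueError): pass  # name or label breaks RFC 1035 size limits

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    total = 1                                   # terminating zero octet
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                    # compression pointer ends the name
            return off + 2
        total += n + 1
        if n > 63 or total > 255:               # RFC 1035: label <= 63, name <= 255
            raise LabelError("bad label or name length")
        off += n + 1

def classify(msg, pending_ids=None):
    """Return 'ok' or a drop reason for one DNS message (illustrative model)."""
    if len(msg) > MAX_LEN:
        return "pak-too-long"
    if len(msg) < 12:
        return "invalid-packet"                 # no complete DNS header
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    try:
        for _ in range(qd):
            off = skip_name(msg, off) + 4       # QTYPE, QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off) + 10      # TYPE, CLASS, TTL, RDLENGTH
            if off > len(msg):
                raise ValueError("record header truncated")
            off += struct.unpack("!H", msg[off - 2:off])[0]
    except LabelError:
        return "invalid-domain-label"
    except ValueError:
        return "invalid-packet"
    if off != len(msg):
        return "invalid-packet"                 # records disagree with header counts
    if flags & 0x8000 and pending_ids is not None and txid not in pending_ids:
        return "id-not-matched"                 # response with no earlier query
    return "ok"

def query(txid, name, flags=0x0100):  # builds a constructed one-question message
    qname = b"".join(bytes([len(l)]) + l for l in name.split(b".")) + b"\x00"
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```

Pass `pending_ids` as the set of query IDs already seen on the connection; leaving it as `None` skips the ID check.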
Name: inspect-dns-id-not-matched
DNS Inspect ID not matched:
    This counter will increment when the identification of the DNS response message does 
not match any DNS queries that passed across the appliance earlier on the same connection.
Recommendation:
    No action required if it is an intermittent event. If the cause is an attack, you can 
deny the host using the ACLs. 
Syslogs: