Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-33
Cisco ASA Series 명령 참조, S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
None.
----------------------------------------------------------------
Name: dns-guard-out-of-app-id
DNS Guard out of App ID:
This counter will increment when the DNS Guard function fails to allocate a data
structure to store the identification of the DNS message.
Recommendation:
Check the system memory usage. This event normally happens when the system runs short
of memory.
Syslogs:
None.
----------------------------------------------------------------
Name: dns-guard-id-not-matched
DNS Guard ID not matched:
This counter will increment when the identification of the DNS response message does
not match any DNS queries that passed across the appliance earlier on the same connection.
This counter will increment by the DNS Guard function.
Recommendation:
No action required if it is an intermittent event. If the cause is an attack, you can
deny the host using the ACLs.
Syslogs:
None.
----------------------------------------------------------------
Name: inspect-rtp-invalid-length
Invalid RTP Packet length:
This counter will increment when the UDP packet length is less than the size of the
RTP header.
Recommendation:
No action required. A capture can be used to figure out which RTP source is sending
the incorrect packets and you can deny the host using the ACLs.
Syslogs:
None.
----------------------------------------------------------------
Name: inspect-rtp-invalid-version
Invalid RTP Version field:
This counter will increment when the RTP version field contains a version other than
2.
Recommendation:
The RTP source in your network does not seem to be sending RTP packets conformant with
the RFC 1889. The reason for this has to be identified and you can deny the host using
ACLs if required.
Syslogs:
431001.
----------------------------------------------------------------
Name: inspect-rtp-invalid-payload-type
Invalid RTP Payload type field: