Cisco Cisco ASA 5510 Adaptive Security Appliance 전단
3-21
Cisco ASA Series 명령 참조, S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
----------------------------------------------------------------
Name: tcp-data-past-fin
TCP data send after FIN:
This counter is incremented and the packet is dropped when the appliance receives new
TCP data packet from an endpoint which had sent a FIN to close the connection.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-3whs-failed
TCP failed 3 way handshake:
This counter is incremented and the packet is dropped when appliance receives an
invalid TCP packet during three-way-handshake. Example SYN-ACK from client will be dropped
for this reason.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-rstfin-ooo
TCP RST/FIN out of order:
This counter is incremented and the packet is dropped when appliance receives a RST or
a FIN packet with incorrect TCP sequence number.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-seq-syn-diff
TCP SEQ in SYN/SYNACK invalid:
This counter is incremented and the packet is dropped when appliance receives a SYN or
SYN-ACK packet during three-way-handshake with incorrect TCP sequence number.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-ack-syn-diff
TCP ACK in SYNACK invalid:
This counter is incremented and the packet is dropped when appliance receives a
SYN-ACK packet during three-way-handshake with incorrect TCP acknowledgement number.
Recommendations:
None
Syslogs: