SCTP traffic dropped by 'SCTP Unknown Chunk Type'
  • SCTP protocol enforcement protection is in detect mode.
  • The traffic capture shows 0 in the chunk type, but the IPS treats it as an unknown chunk type and drops the traffic unexpectedly. The drop is suspected to be a false positive.
  • IPS log shows:
      ;fwx_get_original_conn_key_ex returns: dir 0, x.x.x.x:8333 -> y.y.y.y:8333 IPP 132 ;
      ;asm_stateless_verifier: SCTP Unknown Chunk Type 78;
      ;asmstateless_write_log: Asked to send log -1 0 SCTP Protocol Enforcement Violation Linux Kernel NetFilter SCTP unknown chunk types denial of service SCTP Unknown Chunk Type: 78 1;
      ;ld2_get_wto_ttl_aggr: d=8022 lp=sd_stats_prot_count tuple=<132>;
      ;ld_get: h_lookup(132,1)=eddf4548;
  • Tracker log shows traffic hitting the 'Linux Kernel Netfilter unknown chunk type denial of service' protection, with packet information showing 'SCTP Unknown Chunk Type: xx', where xx is a random 2-digit number.
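
To compare the chunk types actually present in a captured packet with the value reported in the IPS log, the chunk headers can be walked directly. The Python below is an added example, not vendor code and not part of the original article; it assumes the bytes start at the SCTP common header (IP header already removed), and the sample packet and the name `unlisted_types` are constructed for illustration.

```python
import struct

# Chunk types defined in RFC 9260 (subset). A type missing from this table is
# not necessarily invalid: SCTP extensions define further chunk types.
LISTED = {0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
          5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
          9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK",
          14: "SHUTDOWN COMPLETE"}


def sctp_chunks(sctp: bytes):
    """Return [(offset, type, flags, length)] for each chunk in one SCTP packet."""
    if len(sctp) < 12:
        raise ValueError("shorter than the 12-byte SCTP common header")
    chunks, off = [], 12
    while off < len(sctp):
        if off + 4 > len(sctp):
            raise ValueError(f"truncated chunk header at offset {off}")
        ctype, flags, length = struct.unpack_from("!BBH", sctp, off)
        # The length field covers the 4-byte chunk header plus the value.
        if length < 4 or off + length > len(sctp):
            raise ValueError(f"bad chunk length {length} at offset {off}")
        chunks.append((off, ctype, flags, length))
        # Chunks are padded to a 4-byte boundary; the padding is not counted
        # in the length field, so the next chunk starts at the rounded offset.
        off += (length + 3) & ~3
    return chunks


def unlisted_types(sctp: bytes):
    """Chunk types in the packet that are absent from the LISTED table."""
    return [t for _, t, _, _ in sctp_chunks(sctp) if t not in LISTED]


def build_sample() -> bytes:
    """Constructed packet: port 8333 -> 8333, one DATA chunk, one SACK chunk."""
    hdr = struct.pack("!HHII", 8333, 8333, 0x11223344, 0)  # checksum left at 0
    payload = b"hello"  # 5 bytes, so the DATA chunk needs 3 bytes of padding
    data = struct.pack("!BBHIHHI", 0, 3, 16 + len(payload), 1, 0, 0, 0)
    data += payload + b"\x00" * 3
    sack = struct.pack("!BBHIIHH", 3, 0, 16, 1, 65535, 0, 0)
    return hdr + data + sack


SAMPLE = build_sample()

if __name__ == "__main__":
    for off, ctype, flags, length in sctp_chunks(SAMPLE):
        print(off, ctype, LISTED.get(ctype, "unlisted"), hex(flags), length)
```
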
