The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
SCTP traffic dropped by by 'SCTP Unknown Chunk Type'
Technical Level
Solution ID
sk123561
Technical Level
Product
IPS
Version
R77.30 (EOL)
Date Created
19-Mar-2018
Last Modified
22-Mar-2018
Symptoms
SCTP protocol enforcement protection in detect mode.
The traffic capture shows 0 in the chunk type but the IPS think it's unknown chunk type and drops it unexpectedly. Drop of traffic is suspected of being a false positive.
IPS log shows:
;fwx_get_original_conn_key_ex returns: dir 0, x.x.x.x:8333 -> y.y.y.y:8333 IPP 132 ;
;asm_stateless_verifier: SCTP Unknown Chunk Type 78;
;asmstateless_write_log: Asked to send log -1 0 SCTP Protocol Enforcement Violation Linux Kernel NetFilter SCTP unknown chunk types denial of service SCTP Unknown Chunk Type: 78 1;
;ld2_get_wto_ttl_aggr: d=8022 lp=sd_stats_prot_count tuple=<132>;
;ld_get: h_lookup(132,1)=eddf4548;
Tracker log shows traffic hitting ‘Linux Kernel Netfilter unknown chunk type denial of service’ protection, with packet information showing ‘SCTP Unknown Chunk Type: xx” where xx is a random 2 digit number
