The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
SCTP traffic dropped by by 'SCTP Unknown Chunk Type'
| Solution ID |
sk123561 |
| Product |
IPS |
| Version |
R77.30 |
| Date Created |
19-Mar-2018
|
| Last Modified |
22-Mar-2018
|
Symptoms
- SCTP protocol enforcement protection in detect mode.
The traffic capture shows 0 in the chunk type but the IPS think it's unknown chunk type and drops it unexpectedly. Drop of traffic is suspected of being a false positive.
IPS log shows:
;fwx_get_original_conn_key_ex returns: dir 0, x.x.x.x:8333 -> y.y.y.y:8333 IPP 132 ;
;asm_stateless_verifier: SCTP Unknown Chunk Type 78;
;asmstateless_write_log: Asked to send log -1 0 SCTP Protocol Enforcement Violation Linux Kernel NetFilter SCTP unknown chunk types denial of service SCTP Unknown Chunk Type: 78 1;
;ld2_get_wto_ttl_aggr: d=8022 lp=sd_stats_prot_count tuple=<132>;
;ld_get: h_lookup(132,1)=eddf4548;
Tracker log shows traffic hitting ‘Linux Kernel Netfilter unknown chunk type denial of service’ protection, with packet information showing ‘SCTP Unknown Chunk Type: xx” where xx is a random 2 digit number
Solution
|
Note: To view this solution you need to
Sign In
.
|
