SCTP traffic dropped by 'SCTP Unknown Chunk Type'
- SCTP protocol enforcement protection in detect mode.
The traffic capture shows chunk type 0, but the IPS classifies it as an unknown chunk type and drops the traffic unexpectedly. The drop is suspected to be a false positive.
IPS log shows:
;fwx_get_original_conn_key_ex returns: dir 0, x.x.x.x:8333 -> y.y.y.y:8333 IPP 132 ;
;asm_stateless_verifier: SCTP Unknown Chunk Type 78;
;asmstateless_write_log: Asked to send log -1 0 SCTP Protocol Enforcement Violation Linux Kernel NetFilter SCTP unknown chunk types denial of service SCTP Unknown Chunk Type: 78 1;
;ld2_get_wto_ttl_aggr: d=8022 lp=sd_stats_prot_count tuple=<132>;
The Tracker log shows the traffic hitting the 'Linux Kernel Netfilter unknown chunk type denial of service' protection, with the packet information showing 'SCTP Unknown Chunk Type: xx', where xx is a random two-digit number.
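To confirm what a captured packet actually carries before treating the drop as a false positive, here is an added Python example (not Check Point's code) that walks the SCTP common header and chunk headers and flags any chunk type that is not in the IANA-registered set. Both packets are constructed samples: one carrying a DATA chunk (type 0) as in the capture, and one carrying a chunk of type 78 as reported in the log above.

```python
import struct

# Chunk types registered with IANA (RFC 4960 base set plus common extensions).
KNOWN_CHUNK_TYPES = {
    0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
    5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
    9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK", 12: "ECNE", 13: "CWR",
    14: "SHUTDOWN COMPLETE", 15: "AUTH", 64: "I-DATA", 128: "ASCONF-ACK",
    130: "RE-CONFIG", 132: "PAD", 192: "FORWARD TSN", 193: "I-FORWARD-TSN",
    195: "ASCONF",
}

def parse_sctp_chunks(payload: bytes):
    """Walk an SCTP packet (IP protocol 132) and return (type, name, length) per chunk."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte SCTP common header")
    src_port, dst_port, vtag, checksum = struct.unpack("!HHII", payload[:12])
    chunks = []
    off = 12
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError(f"truncated chunk header at offset {off}")
        ctype, flags, clen = struct.unpack("!BBH", payload[off:off + 4])
        if clen < 4 or off + clen > len(payload):
            raise ValueError(f"bad chunk length {clen} at offset {off}")
        chunks.append((ctype, KNOWN_CHUNK_TYPES.get(ctype, "UNKNOWN"), clen))
        off += (clen + 3) & ~3  # chunks are padded to a 4-byte boundary
    return chunks

def unknown_chunk_types(payload: bytes):
    """Chunk type values the IPS would have a reason to call unknown."""
    return [t for t, name, _ in parse_sctp_chunks(payload) if name == "UNKNOWN"]

def build_sctp(src_port, dst_port, chunks):
    """Assemble a packet from (type, flags, value) triples; checksum left 0 (constructed sample)."""
    body = b""
    for ctype, flags, value in chunks:
        clen = 4 + len(value)
        body += struct.pack("!BBH", ctype, flags, clen) + value + b"\x00" * (-clen % 4)
    return struct.pack("!HHII", src_port, dst_port, 0x12345678, 0) + body

# Constructed samples on port 8333, matching the ports in the log above.
DATA_VALUE = struct.pack("!IHHI", 1, 0, 0, 0) + b"hello"  # TSN, stream, seq, PPID, user data
PKT_DATA = build_sctp(8333, 8333, [(0, 0x03, DATA_VALUE)])
PKT_78 = build_sctp(8333, 8333, [(0, 0x03, DATA_VALUE), (78, 0, b"\x00\x00\x00\x00")])

if __name__ == "__main__":
    for label, pkt in (("capture-like DATA", PKT_DATA), ("type 78", PKT_78)):
        print(label, parse_sctp_chunks(pkt), "unknown:", unknown_chunk_types(pkt))
```

Run it against the SCTP payload of the captured packet (bytes after the IP header) to check whether any chunk type outside the registered set is actually present.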