SCTP traffic dropped by by 'SCTP Unknown Chunk Type'

SUPPORT CENTER
USER CENTER / PARTNER MAP
CYBER TALK FOR EXECUTIVES
THREAT INTELLIGENCE
UNDER ATTACK?
- We can help. Learn more about ThreatCloud Incident Response
RISK ASSESSMENT
MY ACCOUNT
- Phone
  
  General
  United States 1-800-429-4391
  International +972-3-753-4555
  
  Support
  24x7 Technical Support
  Americas: 1-972-444-6600
  International: +972-3-6115100
  Toll Free: 1-888-361-5030
- Locations
  
  United States
  Check Point Software Technologies Inc.
  959 Skyway Road
  Suite 300
  San Carlos, CA 94070
  MAP
  
  International
  Check Point Software Technologies Ltd.
  5 Ha'Solelim Street
  Tel Aviv 67897, Israel
  MAP
- Community
  CheckMates User Community
  Blog
- Chinese
- Japanese
- Russian

Support Center > Search Results > SecureKnowledge Details

Symptoms

SCTP protocol enforcement protection in detect mode. The traffic capture shows 0 in the chunk type but the IPS think it's unknown chunk type and drops it unexpectedly. Drop of traffic is suspected of being a false positive. IPS log shows: ;fwx_get_original_conn_key_ex returns: dir 0, x.x.x.x:8333 -> y.y.y.y:8333 IPP 132 ; ;asm_stateless_verifier: SCTP Unknown Chunk Type 78; ;asmstateless_write_log: Asked to send log -1 0 SCTP Protocol Enforcement Violation Linux Kernel NetFilter SCTP unknown chunk types denial of service SCTP Unknown Chunk Type: 78 1; ;ld2_get_wto_ttl_aggr: d=8022 lp=sd_stats_prot_count tuple=<132>; ;ld_get: h_lookup(132,1)=eddf4548; Tracker log shows traffic hitting ‘Linux Kernel Netfilter unknown chunk type denial of service’ protection, with packet information showing ‘SCTP Unknown Chunk Type: xx” where xx is a random 2 digit number

Solution

Note: To view this solution you need to Sign In .

THREAT INTELLIGENCE