Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
rdegoix
Participant

Increasment of "out of state packet"

Jump to solution

Hello,

 

 I received from our SOC a report that the "out of state packets" have been increased (skyrocketed) since 23th of October. We still had some of them out of state packets by the past and that makes sense for me... 

On the November month, we got like arround 15 millions of dropped packets and most of them related to "out of state packet" (on September month, arround 2-3 millions dropped packets).

The flow generating this "out of state packet" is the following, a flow back from our proxy to an user : 

source-port : 80 - destination-port : dynamic / src-ip : Proxy-IP (Blue-Coat) dst-ip : random_user (not related to a specific user)

I checked on Checkpoint side if something have been enabled or disabled before 23th of October (global properties > Statefull inspection > out of state & also checking the aggressive aging on http service that have been still enable).

 

But I'm not able to explain, why an increasment like that (x6-7 of out of state packets and related to the same kind of flow)... 

May be it's more related to our Blue-Coat proxy, I tried to check if some parameters have been modified (hard to get audit from more 1 month...).

Just in case that you can provide me some news ideas about this topic 😉

Thanks for your support !

 

Regards,


Robin.

4 Replies
This widget could not be displayed.