Critical System Protection (CSP) and Data Center Security (DCS) agent on Solaris: certain network traffic gets assigned to the wrong sandbox.

Article ID: 163395

Products

Critical System Protection

Issue/Introduction

For example, you see incoming SSH and FTP connections being assigned to an unrelated sandbox. This issue appears only on Solaris agents. It is more likely to happen on a system under heavy network load, but it can also happen randomly, though much less often, under a light load. It is also more likely to happen on a system that serves multiple purposes: the more ports the server is listening on and responding to, the more likely the issue is to appear. This issue affects CSP 5.2.9 MP* and DCS 6.* Solaris agents.

 

The logs do not record any errors.
 

Cause

The issue is caused by a defect in the code. On Solaris agents running an affected software version, the method used to obtain the process ID for the current network traffic did not always work as expected. When it failed, the wrong process ID was obtained, which caused the driver to map the traffic to the wrong PSET.

 

Resolution

The fix uses a more reliable method of obtaining the process ID, which prevents the wrong PID from being obtained. The hotfix was made available in July 2016 for SCSP: 5.2.9 MP6 HF3. The same fix is targeted for DCS:SA 6.7. If you feel that this issue affects you, please contact your local support team to obtain this fix, quoting this article.