POP3.Invalid.Message.Number
Description
This indicates that a client has tried to retrieve a message from a POP server with a number higher than 65535. This is an indication of a buffer-overflow or denial-of-service attack.
Affected Products
Any unprotected POP server is vulnerable to the attack.
Impact
This is a protocol anomaly. Attackers may be able to execute arbitary commands on the victim system or launch a DoS attack.
Recommended Actions
This indicates detection of traffic that does not comply with the protocol standard. Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |