IMAP PCT Client_Hello overflow attempt

I've had 5 logged entries of an "IMAP PCT Client_Hello overflow attempt" on my XG firewall.  The sources are logged as a Mac (1 attack) and an iPad (4 attacks) on my LAN.  Four of the targets are Google IPs and one is an Apple IP.  My Mac has the latest version of Bitdefender running and it has passed all security scans.  My iPad obviously has no security software on it given the closed ecosystem.  

The only posts relating to this I've found date back to version 7.5 of the UTM.  I didn't find them helpful.

My gut feel is that these are false positives having to do with a way these Apple devices are checking mail from Apple and Google servers.

Thanks for any assistance.



  • XG uses signature-based IPS, so it can be a false positive. Make sure that all the devices are updated and well protected. Always use IMAPS and SMTPS!

    Write down the IPS version your XG is using at the moment inside Backup & Firmware > Patterns Update and see if the attempts go away after the next IPS update.

    Let us know!
