Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 26 subscribers
  • Views 5616 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

pop3 pct client_hello overflow attempt

TarekHalloun

hello

i am having this error in my XG report : pop3 pct client_hello overflow attempt coming from my internal lan

the users have pop mail 

what is this error ? what should i check ?!

 

XG firmware is 17 with fully updated patterns 



This thread was automatically locked due to age.
Parents
  • 0

    Which report or log are you seeing this message from? Could you provide lines from relevant log? 

    pop3 pct client_hello overflow attempt refers to IPS SID 2518. More information on this SID in image below:

    It could be simply informational since the default action is to drop.

    If users are having any mailing problems, check your IPS logs for drops under this SID. It may be necessary to create an exception to allow signature if its due to IPS dropping the traffic.

    Thanks,

    Karlos

  • 0 in reply to Karlos

    hello Karlos 

    the pop3 is showing in the intrusion attack reports in the control center - i can see this SID being dropped

    how to add the exception ?

Reply Children
  • 0 in reply to TarekHalloun

    Go to Protect > Intrusion Prevention > IPS Policies > Click Add > Clone Rules: select active IPS policy > enter a Name for this new Policy > Save

    Edit new IPS Policy created > Add > click SID funnel & type 2518 > change Action to Allow Packet & Save

    Make sure to go to your Firewall rule and change the selection of the IPS Policy to the new Policy created.

    Cheers,
    Karlos