Hello,
When a POP3 user password (9 characters in length) contains the special characters - @, %, and ! ("at" symbol, percentage symbol, and exclamation point) - as well as standard numerals and letters, the ASG220 alerts on these special characters and the intrusion protection process alerts with the following message:
Message........: POP3 PASS format string attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=2666
If the POP3 user removes those special characters from their password, the alerts stop.
I believe this to be a false positive from the intrusion protection process. Does anyone else have knowledge of this issue?
ASG220
software ver - 6.302
Intrustion protection pattern - Aug 23 10:33:26 2006
UPDATE - Through a process of elimination, it appears that the % sign is the special character, which sets off the alert when use in combo with the other special characters. Removing the % sign eliminated the alerts.
Thanks,
Lou
This thread was automatically locked due to age.