File: 2274.txt

package info (click to toggle)
snort 2.9.7.0-5
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid, stretch
  • size: 55,000 kB
  • ctags: 38,464
  • sloc: ansic: 266,667; sh: 12,508; makefile: 2,908; yacc: 497; perl: 496; lex: 261; sed: 14
file content (61 lines) | stat: -rw-r--r-- 1,279 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Rule:

--
Sid:
2274

--
Summary:
This event is generated when an attempt is made to gain access to an
POP3 server using brute force methods.

--
Impact:
Attempted remote access.  
This event may indicate that an attacker is attempting to guess username and password combinations.  
Alternately, it may indicate that an authorized user has entered an
incorrect username and password combination a number of times.

--
Detailed Information:
An POP3 server will issue an error message after a failed login attempt.  
This may be an indication of an attacker attempting brute force guessing 
of username and password combinations.  It is also possible that an authorized 
user has incorrectly entered a legitimate username and password combination.  

This event will be generated after a number of failed attempts.

--
Affected Systems:
POP3 servers.

--
Attack Scenarios:
An attacker may attempt to guess username and password combinations.

--
Ease of Attack:
Simple

--
False Positives:
This event may be triggered by a failed POP3 login attempt from a remote user.

--
False Negatives:
None known.

--
Corrective Action:


--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--