Snort mailing list archives
WEB-MISC readme.eml attempt
From: "Basil Saragoza" <snortlst () hotmail com>
Date: Mon, 11 Mar 2002 18:48:55 -0500
I have local sensor that sniffs lan nic of the firewall. I see a couple of entries to the workstations (w2k with IIS5) and it says - WEB-MISC readme.eml attempt . Is it an indication that: 1. Someone on this workstation tried to access infected site on the internet 2. or that upload was attempted from internet to local workstation to infect it. Should I worry about it or it is just an informational alert? Workstations run only ftp part of the iis, not the web. thx. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- WEB-MISC readme.eml attempt Basil Saragoza (Mar 11)
- Re: WEB-MISC readme.eml attempt Phil Wood (Mar 11)
- Re: WEB-MISC readme.eml attempt Roberto Suarez Soto (Mar 12)