Snort mailing list archives

WEB-MISC readme.eml attempt

From: "Basil Saragoza" <snortlst () hotmail com>
Date: Mon, 11 Mar 2002 18:48:55 -0500

I have local sensor that sniffs lan nic of the firewall. I see a couple of
entries to the workstations (w2k with IIS5) and it says - WEB-MISC
readme.eml attempt    .

Is it an indication that:
1. Someone on this workstation tried to access infected site on the internet
2. or that upload was attempted from internet to local workstation to infect
it.

Should I worry about it or it is just an informational alert?

Workstations run only ftp part of the iis, not the web.
thx.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

WEB-MISC readme.eml attempt Basil Saragoza (Mar 11)
- Re: WEB-MISC readme.eml attempt Phil Wood (Mar 11)
- Re: WEB-MISC readme.eml attempt Roberto Suarez Soto (Mar 12)