[Snort-users] WEB-MISC readme.eml attempt
snortlst at ...125...
Mon Mar 11 15:50:05 EST 2002
I have local sensor that sniffs lan nic of the firewall. I see a couple of
entries to the workstations (w2k with IIS5) and it says - WEB-MISC
readme.eml attempt .
Is it an indication that:
1. Someone on this workstation tried to access infected site on the internet
2. or that upload was attempted from internet to local workstation to infect
Should I worry about it or it is just an informational alert?
Workstations run only ftp part of the iis, not the web.
More information about the Snort-users