[Snort-users] readme.eml attempt

Basil Saragoza snortlst at ...125...
Wed Mar 13 09:07:02 EST 2002


I have a lot of alert that say readme.eml attempt to 10.0.84.220 - outside
world has no knowledge of my internal addresses so I understand this alert
is triggered when I try to access specific site.
Source address for alert is 64.4.30.253
When you type it in the browser it actually goes to there:


http://loginnet.passport.com/login.srf?svc=mail

This link is a Microsoft .NET Passport login site.
Questions:
1. Have anyone heard about the false reasme.eml alert when accessing
Passport-related sites?
2. I didn't access this site manually, taht's for sure, so the question
is.....could it be taht my W2K workstations communicates on the background
and sends information to Passprt-related internet services?
thx.




More information about the Snort-users mailing list