[Snort-users] readme.eml attempt
snortlst at ...125...
Wed Mar 13 09:07:02 EST 2002
I have a lot of alert that say readme.eml attempt to 10.0.84.220 - outside
world has no knowledge of my internal addresses so I understand this alert
is triggered when I try to access specific site.
Source address for alert is 126.96.36.199
When you type it in the browser it actually goes to there:
This link is a Microsoft .NET Passport login site.
1. Have anyone heard about the false reasme.eml alert when accessing
2. I didn't access this site manually, taht's for sure, so the question
is.....could it be taht my W2K workstations communicates on the background
and sends information to Passprt-related internet services?
More information about the Snort-users