Snort mailing list archives

readme.eml coming from an apache RH web server?


From: "John Mulkerin" <jmulkerin () attbi com>
Date: Sun, 16 Dec 2001 10:49:48 -0800

I'm not real good at snort configuration but do have my HOME_NET set to my
specific two home addresses (so I added a CIDR of 32).  However, I see
alerts from my 12.XXX.XXX.XX1 machine to my other home machine
12.XXX.XXX.XX2.  Since I'm pretty sure the Nimda exploit is not running on a
RedHat 7.2 with Apache, what am I doing wrong?

Here are a couple of the log entries:
12/16-09:47:20.775485  [**] [1:1284:3] WEB-MISC readme.eml attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
12.XXX.XXX.XX1:80 -> 12.XXX.XXX.XX2:1670
12/16-09:47:20.799312  [**] [1:1284:3] WEB-MISC readme.eml attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
12.XXX.XXX.XX1:80 -> 12.XXX.XXX.XX2:1670

var HOME_NET [12.XXX.XXX.XX1/32,12.XXX.XXX.XX2/32]

