Security Incidents mailing list archives
Re: IIS4 Logs
From: rfp () WIRETRIP NET (rain forest puppy)
Date: Thu, 25 May 2000 12:40:43 -0500
209.250.45.86 - - [24/May/2000:11:50:53 -0500] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 405 367
209.250.45.86 - - [24/May/2000:11:50:54 -0500] "GET /_vti_inf.html HTTP/1.1" 404 270
209.250.45.86 - - [24/May/2000:11:50:55 -0500] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 405 367
209.250.45.86 - - [24/May/2000:11:50:56 -0500] "OPTIONS / HTTP/1.1" 200 190
Considering that they are all within 3 seconds of each other, I would say this is just FrontPage 2000. IIS 5.0 has implemented WebDAV support (RFC 2291, 2518); Microsoft has dubbed this "Web Folders", and it's a feature that IE 5/Win 2K brings to the table. The best way to determine WebDAV support is to do an OPTIONS query, which just lists available methods (POST, GET, MKCOL, etc.).

So I see nothing 'out of the ordinary', as far as method, in the above requests. Now, that doesn't take into consideration whether or not someone should be using FP 2000 on you in the first place. :)

- rfp
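Added example, not part of the original message: a Python sketch of the triage described above, which groups Common Log Format entries by client and reports bursts where FrontPage `_vti_` requests and an OPTIONS query arrive together. The 5-second window, the function names and the rule "FrontPage RPC POST plus OPTIONS" are assumptions chosen for illustration; the sample input is the four log lines quoted in the message.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the four log lines quoted in the message above.
SAMPLE = """\
209.250.45.86 - - [24/May/2000:11:50:53 -0500] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 405 367
209.250.45.86 - - [24/May/2000:11:50:54 -0500] "GET /_vti_inf.html HTTP/1.1" 404 270
209.250.45.86 - - [24/May/2000:11:50:55 -0500] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 405 367
209.250.45.86 - - [24/May/2000:11:50:56 -0500] "OPTIONS / HTTP/1.1" 200 190
"""
CLF = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def parse(line):
    """Return (ip, time, method, path, status), or None if not CLF."""
    m = CLF.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.lower(), int(status)

def classify(method, path):
    """Label requests typical of a FrontPage / Web Folders client."""
    if method == "POST" and "/_vti_bin/" in path:
        return "fp_rpc"
    if path.startswith("/_vti_inf.html"):
        return "fp_inf"
    if method == "OPTIONS":
        return "options"
    return None

def frontpage_bursts(lines, window=timedelta(seconds=5)):
    """Map each client IP to its first burst holding both an RPC POST
    and an OPTIONS query inside `window` (assumed heuristic)."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        kind = classify(rec[2], rec[3])
        if kind:
            by_ip[rec[0]].append((rec[1], kind, rec[4]))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            if {"fp_rpc", "options"} <= {k for _, k, _ in burst}:
                hits[ip] = burst
                break
    return hits
```

The status codes kept in each burst (405, 404, 405 in the sample) show whether the server accepted or refused the FrontPage requests, which is the part that answers whether the client should have been allowed to use FrontPage at all.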