iis security: IIS logs show domain laptop logging into WEBDAV -- iis security

IIS logs show domain laptop logging into WEBDAV

FD
6/30/2006 8:18:04 AM

iis security:

Hi,

I have a curious problem that I hope someone can shed some light on. The
log below shows a domain laptop logging in to our webserver's webdav. This
incident occurs after business hours. The bad news is it is my laptop's IP
address. (I leave my laptop on to run the virus scanner, etc.). Our
webserver is on the optional side of the firewall and I am not mapped to the
webserver in any way. I originally set the WEBDAV program up via RDP on my
laptop. I have run virus scanners, adware checkers, etc. but I just can not
figure out why my laptop's IP shows up in the IIS logs. It doesn't seem to
be causing a problem but it has me perplexed.

Any help would be greatly appreciated

(I purposefully changed the IP's in log to protect the guilty (me).

Thanks,

FD

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port
cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-30 09:15:05 X.X.X.135 OPTIONS / - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 200 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.bat - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.cmd - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.exe - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.com - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.pif - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.lnk - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.bat - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.cmd - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.exe - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.com - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.pif - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV.lnk - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 0
2006-06-30 09:15:05 X.X.X.135 PROPFIND /WEBDAV - 80 - 192.168.1.150
Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
#Software: Microsoft Internet Information Services 6.0

Re: IIS logs show domain laptop logging into WEBDAV

David Wang [Msft]
7/1/2006 3:02:03 PM

Maybe you have a WebDAV link in your "My Network Places" special folder
(available from the Start Menu) to your webserver that the virus scanner
unknowningly traverses during scanning.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

[quoted text, click to view]