  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 333

Long Webdav request

Here's where I "think" we're at:

1. We are constantly being locked out of our site host's system by their Intrusion Detection System. This happens when either browsing the site with Mozilla Firefox, or updating the site with MS FrontPage.

2. Each time this happens, their IDS log shows our IP as initializing a "Long WebDav" request. They have told us the most likely culprit is a virus on our system that is hijacking the packets that we're sending.

3. I'm willing to accept #1 and #2 at this point.

4. Ran Ad-Aware, and this was the logfile, of which all items have now been deleted:

obj[0]=IECache Entry : Cookie:mycomputer@~~local~~/
obj[1]=IECache Entry : Cookie:mycomputer@domainsponsor.com/
obj[2]=IECache Entry : Cookie:mycomputer@adserver.terra.com.br/
obj[3]=IECache Entry : Cookie:mycomputer@landing.domainsponsor.com/
obj[4]=IECache Entry : Cookie:mycomputer@mediaplex.com/
obj[5]=IECache Entry : Cookie:mycomputer@overture.com/
obj[6]=IECache Entry : Cookie:mycomputer@weborama.fr/

Could these items be the cause?
There does not appear to be anything else on my system - so how could a Cookie (which I thought was harmless) do this?

5. If it is something else entirely, I would very much appreciate any recommendations you may have.

Thanks,
Sean Powell
Your friendly Web Development Page Editor ( and apparently security-minded numnuts )
 
shahrial Commented:
1.) Install a personal firewall like ZoneAlarm. This way while updating the site, all outbound requests can be filtered.

2.) Recommend to run the Ad-Aware SE Personal Edition 1.05 in Safe Mode.
http://www.download.com/3000-2144-10045910.html

with Latest definition file: SE1R14 22.10.2004
http://www.lavasoftusa.com/support/download/

3.) Run Windows Update and update all current Critical Updates...;-)
 
seanpowell (Author) Commented:
Thanks for your reply.

1. I'll look into that...

2. I have Ad-Aware, the logfile was posted. What do you mean by "Safe Mode"?

3. Already done, except for XP SP2, which I'll wait a few years till the bugs are ironed out.

Is there any way to "confirm" that the problem is indeed on my end?

Sean
 
seanpowell (Author) Commented:
Zone Alarm shows this on Startup, I assume it's the IP of my broadband connection?
169.254.0.0

I also have this shown as the IP of my computer, when going to showmyip.com (last numbers x'd out)
65.95.xxx.xx

So it's correct that I have both, yes?
 
huntersvcs Commented:
What he means is, when the XP LOGO appears, hit F8 to get into the DOS menu. There you can select SAFE MODE. By running Ad-Aware at this level, services are not already started that could prevent a clean "repair".
 
seanpowell (Author) Commented:
Thanks :-)

I've run a complete Ad-Aware scan in safe mode and nothing.

I guess what I need to know is this:
Accessing a site generates a Long WebDAV request, and we are locked out of the host's IDS for 15 minutes.

Is there "ANY OTHER" reason for this, besides me having a virus on my system?

Thanks,
Sean
 
shahrial Commented:
Try connecting with ZoneAlarm active...any applications trying to run?
And do you get locked out?

What Anti-Virus are you running?

A Long WebDAV request can cause Denial of Service (DoS), therefore the counter-measure is quite prudent but a false positive is irritating...
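
One way to check from the web server's own access log which client actually sent long WebDAV requests, so a lockout can be confirmed or treated as a false positive (an added example, not code from any poster or from the host's IDS). The 1024-character threshold, the W3C field layout and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# WebDAV methods from RFC 4918, plus SEARCH (RFC 5323).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}
MAX_URI_LEN = 1024  # assumed threshold; the host's real IDS rule is not on the page

# Constructed sample in IIS W3C extended format (documentation IPs, not real traffic).
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)",
    "2004-10-25 14:02:11 192.0.2.10 GET /index.htm - 200 Mozilla/5.0+Firefox/1.0",
    "2004-10-25 14:02:15 192.0.2.10 PROPFIND /docs - 207 Microsoft+Data+Access+Internet+Publishing+Provider+DAV",
    "2004-10-25 14:03:40 192.0.2.10 PROPFIND /" + "A" * 2000 + " - 500 -",
    "2004-10-25 14:05:02 198.51.100.7 GET /search q=" + "x" * 1500 + " 200 Mozilla/5.0+Firefox/1.0",
])

def long_webdav_requests(log_text, max_len=MAX_URI_LEN):
    """Map client IP -> [(timestamp, method, uri_length, user_agent)] for
    WebDAV-method requests whose URI (stem plus query) exceeds max_len."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        cols = line.split(" ")
        if len(cols) != len(fields):
            continue  # malformed or truncated row
        row = dict(zip(fields, cols))
        method = row.get("cs-method", "").upper()
        if method not in WEBDAV_METHODS:
            continue  # a long GET is not what this check is about
        uri = row.get("cs-uri-stem", "")
        if row.get("cs-uri-query", "-") != "-":
            uri += "?" + row["cs-uri-query"]
        if len(uri) > max_len:
            when = row.get("date", "") + " " + row.get("time", "")
            hits[row.get("c-ip", "?")].append(
                (when, method, len(uri), row.get("cs(User-Agent)", "-")))
    return dict(hits)

if __name__ == "__main__":
    for ip, rows in long_webdav_requests(SAMPLE_LOG).items():
        for when, method, length, agent in rows:
            print(ip, when, method, length, agent)
```

Comparing the flagged timestamps and user agents with what was running on the workstation at that moment (a browser, a publishing client, or nothing the user started) separates the client-side explanation from a server-side one.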
 
huntersvcs Commented:
Other possible tools:

Spybot - Search and Destroy
CWShredder (especially for hijacked browsers)
 
seanpowell (Author) Commented:
When the host ran a repair on the extensions, IIS found a problem with something called a Timer. Looks like we're clean.

Thank you for all your comments here. :-)

Sean