Long Webdav request

Here's where I "think" we're at:

1. We are constantly being locked out of our site host's system by their Intrusion Detection System. This happens when either browsing the site with Mozilla Firefox, or updating the site with MS FrontPage.

2. Each time this happens, their IDS log shows our IP as initializing a "Long WebDav" request. They have told us the most likely culprit is a virus on our system that is hijacking the packets that we're sending.

3. I'm willing to accept #1 and #2 at this point.

4. Ran Ad-Aware, and this was the logfile, of which all items have now been deleted:

obj[0]=IECache Entry : Cookie:mycomputer@~~local~~/
obj[1]=IECache Entry : Cookie:mycomputer@domainsponsor.com/
obj[2]=IECache Entry : Cookie:mycomputer@adserver.terra.com.br/
obj[3]=IECache Entry : Cookie:mycomputer@landing.domainsponsor.com/
obj[4]=IECache Entry : Cookie:mycomputer@mediaplex.com/
obj[5]=IECache Entry : Cookie:mycomputer@overture.com/
obj[6]=IECache Entry : Cookie:mycomputer@weborama.fr/

Could these items be the cause?
There does not appear to be anything else on my system - so how could a Cookie (which I thought was harmless) do this?

5. If it is something else entirely, I would very much appreciate any recommendations you may have.

Thanks,
Sean Powell
Your friendly Web Development Page Editor ( and apparently security-minded numnuts )
ASKER CERTIFIED SOLUTION
shahrial

ASKER

Thanks for your reply.

1. I'll look into that...

2. I have Ad-Aware, the logfile was posted. What do you mean by "Safe Mode"?

3. Already done, except for XP SP2, which I'll wait a few years till the bugs are ironed out.

Is there any way to "confirm" that the problem is indeed on my end?

Sean
Zone Alarm shows this on Startup, I assume it's the IP of my broadband connection?
169.254.0.0

I also have this shown as the IP of my computer, when going to showmyip.com (last numbers x'd out)
65.95.xxx.xx

So it's correct that I have both, yes?

What he means is, when the XP LOGO appears, hit F8 to get into the DOS menu. There you can select SAFE MODE. By running Ad-Aware at this level, services are not already started that could prevent a clean "repair".

Thanks :-)

I've run a complete Ad-Aware scan in safe mode and nothing.

I guess what I need to know is this:
Accessing a site generates a Long WebDAV request, and we are locked out of the host's IDS for 15 minutes.

Is there "ANY OTHER" reason for this, besides me having a virus on my system?

Thanks,
Sean

Try connecting with ZoneAlarm active...any applications trying to run?
And do you get locked out?

What Anti-Virus are you running?

Long WebDAV request can cause Denial of Service (DoS), therefore the counter-measure is quite prudent but a false positive is irritating...
SOLUTION
When the host ran a repair on the extensions, IIS found a problem with something called a Timer. Looks like we're clean.

Thank you for all your comments here. :-)

Sean