Solved

WebDAV entries in IIS logs

Posted on 2010-01-06
Last Modified: 2013-12-09
Hello,

We are seeing a lot of these entries in our IIS logs and are unable to isolate the issue. Our DBA has some concerns that it could be a virus or it could be the Anti-virus/spyware on this machine scanning files on the web server.

IPs changed: xxx's - Webserver, yyy's - Workstation

2010-01-04 16:49:23 W3SVC1411263975 xxx.xxx.xxx.xxx OPTIONS / - 80 - yyy.yyy.yyy.yyy Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2010-01-04 16:49:23 W3SVC1411263975 xxx.xxx.xxx.xxx OPTIONS / - 80 - yyy.yyy.yyy.yyy Microsoft-WebDAV-MiniRedir/5.1.2600 401 1 0
2010-01-04 16:49:23 W3SVC1411263975 xxx.xxx.xxx.xxx OPTIONS / - 80 - yyy.yyy.yyy.yyy Microsoft-WebDAV-MiniRedir/5.1.2600 401 1 5

Any ideas?

Thanks,
DM
0
Question by:damehta
10 Comments
 
LVL 13

Expert Comment

by:Springy555
ID: 26191058
It may be a sort of DoS attack, or someone inadvertently trying to connect to your server using web folders or FrontPage or something.

Have a look here:
http://www.webmasterworld.com/forum11/3235.htm
0
 

Author Comment

by:damehta
ID: 26191204
These events are from multiple machines, all of them that we have found in the logs are workstations on our internal network.

Thanks,
DM
0
 
LVL 13

Accepted Solution

by:
Springy555 earned 500 total points
ID: 26191297
Are you using webdav?  If not, you could just disable it under IIS extensions...

It could also be people using my network to browse the network.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 26191669
Dreamweaver uses WebDAV, as does Adobe Contribute. Do you (or does someone else) use either of these?
0
 

Author Comment

by:damehta
ID: 26191692
We do not use either Dreamweaver or Adobe Contribute, primarily Visual Studio for dev.

I don't think we use WebDAV for anything, but I have asked our developers to confirm.

0
 

Author Comment

by:damehta
ID: 26191729
I take that back, I just got an email from our lead developer, he tells me that we use 'WebDAV for network connections and publishing'
0
 
LVL 13

Expert Comment

by:Springy555
ID: 26191753
I would guess then, if these connections are coming internally, that it's not any form of attack or virus.

These logs can occur when using FrontPage, Web Folders, My Network Places and apparently when using IE8.

Probably best talking to your developers and telling them about this.  It's most likely some setup they have / or are not aware of.
0
 

Author Comment

by:damehta
ID: 26191825
We do have some workstations which have IE8, I am trying to track down if there is a correspondence between IE8 and the IPs showing up in the logs.
0
 

Author Comment

by:damehta
ID: 26193879
There are only 2 machines with IE8 on the network and neither of them shows up in the WebDAV logs.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 26193953
I'm not so sure FrontPage uses WebDAV (I could be wrong).  When our network people set up a FrontPage server some time ago (we finally convinced them that FrontPage was a substandard development platform) they disabled WebDAV for security purposes and just used FrontPage extensions.  I know this because I have always used Dreamweaver and it uses WebDAV to publish.  I had to develop in Dreamweaver and publish using FrontPage which led to no end of problems!

0
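An added example, not part of the original thread: a triage script for the kind of entries quoted in the question. It tallies Microsoft-WebDAV-MiniRedir requests per client IP, decodes the 401 substatus and Win32 status columns, and lists clients missing from a list of workstations expected to use WebDAV. The field order is assumed from the question's sample lines, and the addresses and the `known_clients` list are constructed.

```python
from collections import Counter, defaultdict

# Field order assumed from the question's sample lines; a "#Fields:" header overrides it.
FIELDS = ("date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status").split()
SUBSTATUS_401 = {"1": "logon failed", "2": "logon failed due to server configuration",
                 "3": "unauthorized due to ACL on resource"}
WIN32 = {0: "ERROR_SUCCESS", 5: "ERROR_ACCESS_DENIED", 0x8009030E: "SEC_E_NO_CREDENTIALS"}

def parse(lines):
    fields = FIELDS
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            parts = line.split()  # IIS writes spaces inside a field as '+'
            if len(parts) == len(fields):  # skip truncated rows
                yield dict(zip(fields, parts))

def webdav_summary(lines, agent="Microsoft-WebDAV-MiniRedir"):
    """Per client IP: request count and tally of decoded response codes."""
    summary = defaultdict(lambda: {"requests": 0, "outcomes": Counter()})
    for row in parse(lines):
        if not row.get("cs(User-Agent)", "").startswith(agent):
            continue
        entry = summary[row["c-ip"]]
        entry["requests"] += 1
        label = row["sc-status"]
        if label == "401":
            sub, win32 = row["sc-substatus"], int(row["sc-win32-status"])
            label = (f"401.{sub} {SUBSTATUS_401.get(sub, 'unknown')} / "
                     f"{WIN32.get(win32, hex(win32))}")
        entry["outcomes"][label] += 1
    return dict(summary)

def unexplained_clients(summary, known_clients):
    """Client IPs sending MiniRedir traffic that are not on the (hypothetical) known list."""
    return sorted(ip for ip in summary if ip not in known_clients)

# Constructed sample: addresses are made up, status codes mirror the question's lines.
SAMPLE = """\
2010-01-04 16:49:23 W3SVC1 10.0.0.5 OPTIONS / - 80 - 10.0.1.21 Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2010-01-04 16:49:23 W3SVC1 10.0.0.5 OPTIONS / - 80 - 10.0.1.21 Microsoft-WebDAV-MiniRedir/5.1.2600 401 1 0
2010-01-04 16:49:23 W3SVC1 10.0.0.5 OPTIONS / - 80 - 10.0.1.21 Microsoft-WebDAV-MiniRedir/5.1.2600 401 1 5
2010-01-04 16:50:02 W3SVC1 10.0.0.5 GET /default.aspx - 80 - 10.0.1.30 Mozilla/4.0+(compatible;+MSIE+8.0) 200 0 0
2010-01-04 16:51:10 W3SVC1 10.0.0.5 OPTIONS / - 80 - 10.0.1.44 Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
""".splitlines()
if __name__ == "__main__":
    print(webdav_summary(SAMPLE))
```

Feeding `unexplained_clients` the workstations the developers confirm as WebDAV publishers leaves only the machines that still need an explanation.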


Question has a verified solution.
