Can anyone explain to me what's happening here? WebDAV is disabled on the target web server per the MS procedure. Pat Sellers is an internal employee. I've seen several employee names coming accross in this fashion, and it's starting to get bothersome. Unfortunately, I don't know much about WebDAV requests/replies (which is, of course, why I've kept it disabled). Any help would be appreciated. Keith [**] IDS475/web-iis_web-webdav-propfind [**] 09/07-13:57:13.692020 65.201.42.82:58299 -> X.X.X.X:80 TCP TTL:115 TOS:0x0 ID:44852 IpLen:20 DgmLen:319 DF ***AP*** Seq: 0xF92DC1E4 Ack: 0xB60B6704 Win: 0x4000 TcpLen: 20 50 52 4F 50 46 49 4E 44 20 2F 69 6E 73 74 6D 73 PROPFIND /instms 67 2F 61 6C 69 61 73 65 73 2F 70 61 74 2E 73 65 g/aliases/pat.se 6C 6C 65 72 73 20 48 54 54 50 2F 31 2E 30 0D 0A llers HTTP/1.0.. 56 69 61 3A 20 31 2E 31 20 57 48 49 54 45 48 4F Via: 1.1 WHITEHO 52 53 45 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E RSE..Content-Len 67 74 68 3A 20 31 35 39 0D 0A 43 6F 6E 74 65 6E gth: 159..Conten 74 2D 54 79 70 65 3A 20 74 65 78 74 2F 78 6D 6C t-Type: text/xml 0D 0A 48 6F 73 74 3A 20 65 61 64 76 61 6E 63 65 ..Host: ourdomai 6D 65 64 2E 63 6F 6D 0D 0A 44 65 70 74 68 3A 20 n.com..Depth: 30 0D 0A 52 56 50 2D 4E 6F 74 69 66 69 63 61 74 0..RVP-Notificat 69 6F 6E 73 2D 56 65 72 73 69 6F 6E 3A 20 30 2E ions-Version: 0. 32 0D 0A 52 56 50 2D 46 72 6F 6D 2D 50 72 69 6E 2..RVP-From-Prin 63 69 70 61 6C 3A 20 68 74 74 70 3A 2F 2F 69 6D cipal: http://im 2E 73 73 69 61 64 76 61 6E 74 61 67 65 2E 63 6F .ssiadvantage.co 6D 2F 69 6E 73 74 6D 73 67 2F 61 6C 69 61 73 65 m/instmsg/aliase 73 2F 65 63 61 72 72 6F 7A 7A 61 0D 0A 43 6F 6E s/ecarrozza..Con 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C nection: Keep-Al 69 76 65 0D 0A 0D 0A ive.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ [**] IDS475/web-iis_web-webdav-propfind [**] 09/07-13:57:13.840656 65.201.42.82:58299 -> X.X.X.X:80 TCP TTL:115 TOS:0x0 ID:44856 IpLen:20 DgmLen:199 DF ***AP*** Seq: 0xF92DC2FB Ack: 0xB60B6704 Win: 0x4000 TcpLen: 20 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1 2E 30 22 3F 3E 0A 3C 64 3A 70 72 6F 70 66 69 6E .0"?>.<d:propfin 64 20 78 6D 6C 6E 73 3A 64 3D 27 44 41 56 3A 27 d xmlns:d='DAV:' 20 78 6D 6C 6E 73 3A 72 3D 27 68 74 74 70 3A 2F xmlns:r='http:/ 2F 73 63 68 65 6D 61 73 2E 6D 69 63 72 6F 73 6F /schemas.microso 66 74 2E 63 6F 6D 2F 72 76 70 2F 27 3E 3C 64 3A ft.com/rvp/'><d: 70 72 6F 70 3E 3C 72 3A 73 74 61 74 65 2F 3E 3C prop><r:state/>< 64 3A 64 69 73 70 6C 61 79 6E 61 6D 65 2F 3E 3C d:displayname/>< 72 3A 65 6D 61 69 6C 2F 3E 3C 2F 64 3A 70 72 6F r:email/></d:pro 70 3E 3C 2F 64 3A 70 72 6F 70 66 69 6E 64 3E p></d:propfind> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 12:42:41 PDT