On Sep 19, 2005, at 8:16 PM, Mike Orr wrote:
I found the following in my Quixote access log.
161.55.32.34 - 2005-09-17 10:39:51 483 "PROPFIND /attachments/
HTTP/1.1" 200 'Microsoft-WebDAV-MiniRedir/5.1.2600' 0.00sec
I found nothing in the RFCs about these methods but these links
suggest it's an attack against an IIS server (which I don't have):
http://groups.google.com/group/microsoft.public.inetserver.iis/
browse_frm/thread/a9ecbf7ba3bd1794/31879151c845e65f?
lnk=st&q=propfind&rnum=8#31879151c845e65f
http://www.iisfaq.com/default.aspx?View=A489
PROPFIND is a webdav method. Webdav is described in rfc 2518.
Maybe this is just a browser trying to mount your server.
I'm actually planning to make the logger put the access log in a SQL
database. No reason to screw around with this format if I'm only
using it for one purpose.
It will be interesting to see how well that works.
It seems relatively expensive.
_______________________________________________
Quixote-users mailing list
[email protected]
http://mail.mems-exchange.org/mailman/listinfo/quixote-users
