On Fri, 2002-12-20 at 12:45, Mike Heitz wrote: > I've run across a couple log entries on my OWA server. I'm pretty new to > security (about a decade as a network admin, now taking on more and more > responsibility) and have Googled the Propfind command... only a handful > of results (including a MS Whitepaper I am currently reading). > > Does anyone know what this is exactly? We do not have Instant Messaging > enabled on the server... my main concern is that the Username that was > listed was my own!!! I've used Visual Route to trace the IP addresses > back with marginal success (one got lost after a bunch of hops and the > other ended up in Pittsburgh, PA). > It's the microsoft instant messenger trying to find information about you, it's mostly harmless. The reason that it contains your username is that it's based on email address, so to find IM details for [EMAIL PROTECTED], it does a PROPFIND on the url http://somewhere.com/instmsg/aliases/bob.
All it means is someone got email from you, and looked to see if you had compatible instant messaging as well (their mail clients may even do this check automatically, I'm not sure). > Any ideas or info would be greatly appreciated. Thanks! > > 2002-12-19 17:35:28 65.119.193.141 - 192.168.43.17 80 PROPFIND > /instmsg/aliases/<username> - 404 - > > then a short time later > > 2002-12-19 20:54:13 141.189.251.1 - 192.168.43.17 80 PROPFIND > /instmsg/aliases/<username> - 404 - > > > mike heitz ** sr it manager ** UPSHOT > 312-943-0900 x5190 -- Jason Kohles [EMAIL PROTECTED] Senior Engineer Red Hat Professional Consulting
