Perhaps slightly OT - Lots of spurious webdav requests.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello All,

I am running a CentOS 4.6 file server for a small office network and I
am getting a lot of strange webdav requests from one of the Windows
workstations - I have not configured Webdav on the Windows host
(hereafter "windows-laptop") in question.

Some details - I have configured a Samba share called (say) "share1"
on the CentOS server and the windows-laptop connects to this share
using CIFS, nothing unusual there. But, for some reason,
windows-laptop also tried to access a Webdav folder by the same name
("share1") - lots of log entries such as the following (it seems to
try every two minutes):

10.11.1.95 - - [14/Sep/2008:04:10:32 -0400] "OPTIONS / HTTP/1.1" 200 -
"-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
10.11.1.95 - - [14/Sep/2008:04:10:32 -0400] "PROPFIND /share1
HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"

I have most assuredly not told windows to try and use a Web folder on
the CentOS file server called "/share1", just the CIFS share.

My conclusions -

* Windows is trying to be clever and automatically map CIFS shares to
a Web folder.
* Malware is trying to access a Webfolder by same name as CIFS share.

Any hints from the list would be much appreciated!

Thanks,

Fred.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux