durusmail: quixote-users: PROPFIND and other methods
PROPFIND and other methods
2005-09-20
Mike Orr (2 parts)
2005-09-20
David Binger
2005-09-20
Mike Orr
2005-09-20
David Binger
2005-09-21
Mike Orr
2005-09-21
Mike Orr
PROPFIND and other methods
David Binger
2005-09-20
On Sep 19, 2005, at 8:16 PM, Mike Orr wrote:

> I found the following in my Quixote access log.
>
> 161.55.32.34 - 2005-09-17 10:39:51 483 "PROPFIND /attachments/
> HTTP/1.1" 200 'Microsoft-WebDAV-MiniRedir/5.1.2600' 0.00sec
>
> I found nothing in the RFCs about these methods but these links
> suggest it's an attack against an IIS server (which I don't have):
> http://groups.google.com/group/microsoft.public.inetserver.iis/
> browse_frm/thread/a9ecbf7ba3bd1794/31879151c845e65f?
> lnk=st&q=propfind&rnum=8#31879151c845e65f
> http://www.iisfaq.com/default.aspx?View=A489

PROPFIND is a webdav method.  Webdav is described in rfc 2518.
Maybe this is just a browser trying to mount your server.

> I'm actually planning to make the logger put the access log in a SQL
> database.  No reason to screw around with this format if I'm only
> using it for one purpose.

It will be interesting to see how well that works.
It seems relatively expensive.
reply