Security Basics mailing list archives
Re: Strange log entries
From: Jason Kohles <jkohles () redhat com>
Date: 02 Jan 2003 11:02:22 -0500
On Fri, 2002-12-20 at 12:45, Mike Heitz wrote:
I've run across a couple log entries on my OWA server. I'm pretty new to security (about a decade as a network admin, now taking on more and more responsibility) and have Googled the Propfind command... only a handful of results (including a MS Whitepaper I am currently reading). Does anyone know what this is exactly? We do not have Instant Messaging enabled on the server... my main concern is that the Username that was listed was my own!!! I've used Visual Route to trace the IP addresses back with marginal success (one got lost after a bunch of hops and the other ended up in Pittsburgh, PA).
It's the microsoft instant messenger trying to find information about you, it's mostly harmless. The reason that it contains your username is that it's based on email address, so to find IM details for bob () somewhere com, it does a PROPFIND on the url http://somewhere.com/instmsg/aliases/bob. All it means is someone got email from you, and looked to see if you had compatible instant messaging as well (their mail clients may even do this check automatically, I'm not sure).
Any ideas or info would be greatly appreciated. Thanks! 2002-12-19 17:35:28 65.119.193.141 - 192.168.43.17 80 PROPFIND /instmsg/aliases/<username> - 404 - then a short time later 2002-12-19 20:54:13 141.189.251.1 - 192.168.43.17 80 PROPFIND /instmsg/aliases/<username> - 404 - mike heitz ** sr it manager ** UPSHOT 312-943-0900 x5190
-- Jason Kohles jkohles () redhat com Senior Engineer Red Hat Professional Consulting
Current thread:
- Re: Strange log entries Jason Kohles (Jan 02)