Security Basics mailing list archives

RE: Strange desktop.ini entries in IIS log

From: "Rosenhan, David" <David.Rosenhan () swiftbrands com>
Date: Thu, 11 Mar 2004 15:47:50 -0700

I have seen this when tracing traffic using Sniffer and found that the
client asks for this all the time when getting files.  This .ini file
determines how the "item" is displayed on the desktop.  This is not the
desktop.ini file that controls the desktop.  

Basically this is Windows asking for something that usually is not
available in the directory you are opening the file from.  

Totally normal Windows crap.

Thanks!

David Rosenhan, CCNP
Information Technology


-----Original Message-----
From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com] 
Sent: Thursday, March 11, 2004 7:43 AM
To: security-basics () security-focus com
Subject: Strange desktop.ini entries in IIS log

I have been seeing sporadic entries in the IIS log for our domain
controller which show my workstation attempting to access ~/desktop.ini
on the server. These attempts have been blocked by urlscan. Has anyone
else seen this before, and is this something I should be worried about?
I have only ever seen them coming from my workstation. I apologize for
posting this in security basics, but after posting it to the focus-ms
list I got no response.
 
Dan Denton
IT Manager, CCNA
Pay-LESS Office Products

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Strange desktop.ini entries in IIS log Dan Denton (Mar 11)
- <Possible follow-ups>
- RE: Strange desktop.ini entries in IIS log Rosenhan, David (Mar 11)