Susan
Wed Jul 09 00:53:56 CDT 2003
Doesn't hurt to be paranoid.
Sean Raftery wrote:
> Thanks Susan. I got some good stuff out of that PPT presentation. Reading
> through the blurb I think it could be FrontPage that generated those entries
> but I think I run MSBA and IIS lockdown just to be sure.
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
> wrote in message news:3F0B675A.81D24532@pacbell.net...
> >
http://webdev.indiana.edu/2002/powerpoint/ECO8.ppt
> >
> > Scroll down and you'll see the Webdav log info...
> >
> > "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" wrote:
> >
> > > IIS always runs on a SBS2k box.
> > >
> > > If you have port 80 closed,
> > >
> > >
http://www.webmasterworld.com/forum11/1349.htm
> > >
> > > That's an internal IP address right? And not an external one?
> > >
http://webdev.indiana.edu/2002/powerpoint/335,60,IIS Logs (cont.) URL
> scan
> > >
> > > You might want to run URLscan and IIS lockdown just to be paranoid.....
> > >
> > > Sean Raftery wrote:
> > >
> > > > Hi,
> > > >
> > > > Discovered another thing last night that concerns me a bit. I was
> looking
> > > > through my ISA logs and I found lots of entries containing the line
> > > > "Microsoft-WebDAV-MiniRedir/5.1.2600".
> > > >
> > > > Can someone give me an indication as to whether I should be panicking
> now?
> > > > I have ISA blocking port 80 but I got a shock when I discovered that
> IIS was
> > > > running on the SBS box (a result of some internal OWA testing I
> think).
> > > > Anyway, all these entries contain the SBS box internal IP or the IP of
> > > > another internal box on the LAN.
> > > >
> > > > So...is this just something happening internally? or am I being
> pinged? or
> > > > have I been hacked?
> >