Windows XP Wierd Activity
Results 1 to 9 of 9

Thread: Windows XP Wierd Activity

  1. #1
    Junior Member
    Join Date
    Sep 2002
    Posts
    4

    Windows XP Wierd Activity

    I have a windows xp machine and a linux machine, the windows xp machine accesses my linux machine via http, it leaves the following in my logfiles,
    IP -- DATE "OPTIONS / HTTP/1.1" 200 -
    IP -- DATE "PROPFIND /ftp HTTP/1.1" 404 281

    does anyone have any idea what this is? possibe virus maybe doing some sort of scanning?

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    I need more info to realy know whats going on..waht was the requesting page...what happened around it...waht was the whole line ect...
    as for the commands options is a request to the webserver to find out what commands can be run (get put ect.)
    PROPFIND is a WebDAV command to find out what the properties of an object are .... ith out knowing what object was requested I can't give you any more info.
    Who is more trustworthy then all of the gurus or Buddha’s?

  3. #3
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    Without a little more information, I can tell you this: The Code 200 tells us that a request was successful. The Code 404 tells us that the resource was not found. Hope this helps a little.
    "It is a shame that stupidity is not painful" - Anton LaVey

  4. #4
    Junior Member
    Join Date
    Sep 2002
    Posts
    4
    sorry it doesn't thanks tho, I know error codes, the ftp directory doesnt exist thats why it gets that. I want to know why m windows is trying to access that on my webserver, or why its accessing it at all

  5. #5
    Member
    Join Date
    Feb 2002
    Posts
    87
    ThaDude,

    Are you using the Windows machine as a webserver running IIS? It sounds to me like some one or some thing has got into your system and is now attempting to access the Linux box via FTP. I could be completely wrong.


    ccKid

  6. #6
    Junior Member
    Join Date
    Mar 2003
    Posts
    12
    Whoa, that sounds like something or someone has gained access to your XP machine and is trying to access your other machine, have you run a viri check on both???

  7. #7
    Junior Member
    Join Date
    Sep 2002
    Posts
    4
    I have norton antivirus running, and I have ran scans. The windows box isnt running any server type services. The linux box is running apache. The windows box connects and leaves those lines in my logs.

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    I would sugest running a port scan on the windows box...and perhaps a two way firewall

  9. #9
    Junior Member
    Join Date
    Sep 2002
    Posts
    4
    Originally posted here by bballad
    I need more info to realy know whats going on..waht was the requesting page...what happened around it...waht was the whole line ect...
    as for the commands options is a request to the webserver to find out what commands can be run (get put ect.)
    PROPFIND is a WebDAV command to find out what the properties of an object are .... ith out knowing what object was requested I can't give you any more info.
    That was the full line, except the date and ip were real. The two pages requested were / and /ftp.

    I have the feeling it is some unknown worm that affects windows xp, because I searched the internet and came up with nothing, except what those commands do, which still doesnt explain why windows would be checking that anyways.

    actually i am starting to think its just a windows xp thing checking for ftps and stuff, and shares, because the things its trying to access have the same name as my samba shares, and on my room mates comp, he has the same thing but with his share names

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides