Apache Logs Showing Odd Microsoft-WebDAV-MiniRedir/6.0.6002 Activity
Results 1 to 3 of 3

Thread: Apache Logs Showing Odd Microsoft-WebDAV-MiniRedir/6.0.6002 Activity

Hybrid View

  1. #1
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018

    Apache Logs Showing Odd Microsoft-WebDAV-MiniRedir/6.0.6002 Activity

    I occasionally get activity from Microsoft-WebDAV-MiniRedir/6.0.6002 showing up in may apache logs from my wife's Windows 7 laptop.

    This morning I noticed something a little more out of the ordinary, note the attemts to access executable files:

    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "OPTIONS /xxxxN HTTP/1.1" 200 - "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN HTTP/1.1" 405 308 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxx HTTP/1.1" 405 307 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN HTTP/1.1" 405 308 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxx HTTP/1.1" 405 307 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN.bat HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN.cmd HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN.exe HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN.com HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN.pif HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN.lnk HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:11 +0000] "PROPFIND /xxxxN.dll HTTP/1.1" 403 2145 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:13 +0000] "PROPFIND /xxxxN.dll HTTP/1.1" 403 2145 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:13 +0000] "PROPFIND /xxxxN.dll HTTP/1.1" 403 2145 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:13 +0000] "PROPFIND /xxxxN.dll HTTP/1.1" 403 2145 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:13 +0000] "PROPFIND /xxxxN HTTP/1.1" 405 308 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:13 +0000] "PROPFIND /xxxx HTTP/1.1" 405 307 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:24 +0000] "PROPFIND /xxxxN HTTP/1.1" 405 308 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:24 +0000] "PROPFIND /xxxx HTTP/1.1" 405 307 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:24 +0000] "PROPFIND /xxxxN HTTP/1.1" 405 308 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:24 +0000] "PROPFIND /xxxx HTTP/1.1" 405 307 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:24 +0000] "PROPFIND /xxxxN HTTP/1.1" 405 308 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:24 +0000] "PROPFIND /xxxx HTTP/1.1" 405 307 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"
    10.200.1.120 - - [10/Mar/2013:09:07:24 +0000] "PROPFIND /xxxxN.bat HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"

    xxxx are the first four letters of my wife's name.

    No one was physically at the laptop at the time, it's up to date and running MS Security Essentials, which was up to date at the time.

    Running a full scan now in safe mode, but if anyone has any suggestions that would be most appreciated.

    10.200.1.120 is on my local subnet and is the address of my wife's laptop.

    Edit:
    Normally I'd blame the kids for installing something. The only recent installs were 9/3 Firefox Upgrade to 19.0.2 and (new one to me) Mozilla Maintenance Service, and 1/3 Bullzip PDF Printer

    Regards (long time since I've been here)
    Steve
    Last edited by steve.milner; March 11th, 2013 at 12:53 PM.
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  2. #2
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    I have worked this out.

    It's MS Security Essentials performing a scan, trying to connect to network share link that's on the desktop and scan it for problems.

    I've either not noticed it before, or a recent update has resulted in these scans.

    Web Client service disabled on the wife's laptop has now prevented the problem.

    Regards,

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  3. #3
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Quote Originally Posted by AaronMaxwell View Post
    Setup a guest account then give them some writable directories.
    Well, the kids have got their own PC with exactly that. However, inventive as ever, the kids like to use Mummy's PC because they can install stuff without needing to bother me for passwords!
    After the last debacle with spyware they have been lectured and have been well behaved since.
    Why does firefox need system wide access just to update itself?
    I didn't say it did, I just mentioned the software that had been updated recently, since I always look at the latest changes as a source of problems.

    It's "optional" so I guess the wife wasn't paying attention at the last update:

    http://support.mozilla.org/en-US/kb/...enance-service

    Regards,
    Steve
    Last edited by steve.milner; March 13th, 2013 at 02:33 PM.
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

Similar Threads

  1. wireshark showing weird activity
    By psaux in forum Network Security Discussions
    Replies: 8
    Last Post: May 23rd, 2007, 08:36 PM
  2. Microsoft WebDAV
    By Surreal in forum Microsoft Security Discussions
    Replies: 2
    Last Post: March 25th, 2003, 06:46 PM
  3. Microsoft IIS WebDAV Remote Compromise Vulnerability
    By sambeckett in forum Microsoft Security Discussions
    Replies: 6
    Last Post: March 18th, 2003, 02:48 AM
  4. Activity Logs
    By xstonedogx in forum Site Feedback/Questions/Suggestions
    Replies: 4
    Last Post: October 24th, 2001, 05:22 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •