
Strange records IN IIS Log file

 
user745




(Msg. 1) Posted: Mon Sep 08, 2003 2:41 pm
Post subject: Strange records IN IIS Log file
Archived from groups: microsoft>public>inetserver>iis

These are some records from my IIS 5.0 log file.
All IP addresses from my INTERNAL Network.

I don't have any viruses in my network.

202.158.179.158; 202.158.179.176; - XP Workstation;
202.158.179.2 Domain Controller;
202.158.179.50 - Exchange Server 2000 with IIS, Cert. Server and WEB Outlook

What is the reason for these records?

Thanks;
arkady.DeleteThis@hynomics.com mailto:arkady@hynomics.com



2003-09-08 17:31:23 202.158.179.158 - HYN-EMAIL01 202.158.179.50 80 OPTIONS / - 403 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-09-08 17:31:38 202.158.179.176 - HYN-EMAIL01 202.158.179.50 80 OPTIONS / - 403 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-09-08 17:31:39 202.158.179.176 - HYN-EMAIL01 202.158.179.50 80 OPTIONS / - 403 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-09-08 17:35:26 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:35:26 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:40:28 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:40:28 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:45:30 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:45:30 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:50:32 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:50:32 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:55:34 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider

someone9




(Msg. 2) Posted: Thu Sep 11, 2003 1:11 am
Post subject: Re: Strange records IN IIS Log file

These records are far from strange.

WebDAV and Certificate-Revocation-List -- both pretty valid based on your
server configuration.

The Certificate-Revocation-List is probably due to your Cert Server issuing
certs that say this server contains the CRL.

The OPTIONS request is a usual part of WebDAV.

I suggest that you familiarize yourself with more web technologies before
you try to sift through IIS log files looking for "suspicious" or "strange"
requests... unless you like false-positive alarms.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
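The reply above identifies the two record kinds as WebDAV OPTIONS requests and CRL downloads. As an added example (not part of the thread), the Python sketch below labels those two patterns in IIS records and leaves everything else for review. The field order is inferred from the posted records, and the function names, labels and last two sample lines are constructed for illustration.

```python
from collections import Counter

# Field order inferred from the records in the thread; the log's #Fields line is not shown there.
FIELDS = ("date", "time", "c_ip", "cs_username", "s_computername", "s_ip", "s_port",
          "cs_method", "cs_uri_stem", "cs_uri_query", "sc_status", "cs_user_agent")

def parse_record(line):
    """Split one space-delimited record into a dict keyed by FIELDS."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("unexpected field count: %d" % len(parts))
    return dict(zip(FIELDS, parts))

def classify(rec):
    """Label the two request kinds explained in the reply; anything else needs a human look."""
    agent = rec["cs_user_agent"]
    if rec["cs_method"] == "OPTIONS" and agent.startswith("Microsoft-WebDAV-MiniRedir/"):
        return "webdav-options"
    if (rec["cs_method"] == "GET" and rec["cs_uri_stem"].lower().endswith(".crl")
            and agent.startswith("CryptRetrieveObjectByUrl")):
        return "crl-fetch"
    return "unclassified"

def triage(lines):
    """Count records per (label, client IP, status); return malformed lines separately."""
    counts, malformed = Counter(), []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):   # blank line or W3C directive
            continue
        try:
            rec = parse_record(line)
        except ValueError:
            malformed.append(line)
            continue
        counts[(classify(rec), rec["c_ip"], rec["sc_status"])] += 1
    return counts, malformed

# First four records are from the thread (wrapped lines rejoined); the last two are constructed.
SAMPLE = """\
2003-09-08 17:31:23 202.158.179.158 - HYN-EMAIL01 202.158.179.50 80 OPTIONS / - 403 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-09-08 17:31:38 202.158.179.176 - HYN-EMAIL01 202.158.179.50 80 OPTIONS / - 403 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-09-08 17:35:26 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:40:28 202.158.179.2 - HYN-EMAIL01 202.158.179.50 80 GET /CertEnroll/Hynomics+Corporation.crl - 403 CryptRetrieveObjectByUrl::InetSchemeProvider
2003-09-08 17:41:02 202.158.179.158 - HYN-EMAIL01 202.158.179.50 80 GET /exchange/ - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2003-09-08 17:41:09 202.158.179.158 - HYN-EMAIL01
""".splitlines()

if __name__ == "__main__":
    counts, malformed = triage(SAMPLE)
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("malformed:", malformed)
```

The User-Agent value is supplied by the client, so a match is a triage label rather than proof of what sent the request. Keeping the status in the key also surfaces that every CRL download in the posted records was answered with 403.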
timcof




(Msg. 3) Posted: Thu Sep 11, 2003 8:07 am
Post subject: RE: Strange records IN IIS Log file

Run a net sniff via netmon and see what they are doing. Some were DAV requests, but it is probably some service or program generating those.

Thank you. I hope this information is helpful.

Tim Coffey [MSFT]

This posting is provided “AS IS” with no warranties, and confers no rights. You assume all risk for your use. © 2001 Microsoft
Corporation. All rights reserved.
--------------------
| Reply-To: "Arkady Shteyngart" <arkady.shteyngart.DeleteThis@hynomics.com>
| From: "Arkady Shteyngart" <arkady.shteyngart.DeleteThis@hynomics.com>
| Subject: Strange records IN IIS Log file
| Date: Mon, 8 Sep 2003 11:41:55 -0700
| Lines: 52
| Organization: Hynomics Corporation
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <ePJh8ijdDHA.1828.DeleteThis@TK2MSFTNGP10.phx.gbl>
| Newsgroups: microsoft.public.inetserver.iis
| NNTP-Posting-Host: hyn-email01.hynomics.com 192.147.168.10
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.inetserver.iis:274481
| X-Tomcat-NG: microsoft.public.inetserver.iis