Hello All,
I am running a CentOS 4.6 file server for a small office network and I
am getting a lot of strange webdav requests from one of the Windows
workstations - I have not configured Webdav on the Windows host
(hereafter "windows-laptop") in question.
Some details - I have configured a Samba share called (say) "share1"
on the CentOS server and the windows-laptop connects to this share
using CIFS, nothing unusual there. But, for some reason,
windows-laptop also tried to access a Webdav folder by the same name
("share1") - lots of log entries such as the following (it seems to
try every two minutes):
10.11.1.95 - - [14/Sep/2008:04:10:32 -0400] "OPTIONS / HTTP/1.1" 200 -
"-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
10.11.1.95 - - [14/Sep/2008:04:10:32 -0400] "PROPFIND /share1
HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
I have most assuredly not told windows to try and use a Web folder on
the CentOS file server called "/share1", just the CIFS share.
My conclusions -
* Windows is trying to be clever and automatically map CIFS shares to
a Web folder.
* Malware is trying to access a Webfolder by same name as CIFS share.
Any hints from the list would be much appreciated!
Thanks,
Fred.