Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Tony Maupin (TonyTheMaupins.com)
Date: Mon May 27 2002 - 21:37:53 CDT
Here is the crap Microsoft says about diabling WebDAV "Because WebDAV is an
extension to the HTTP protocol, the concept of disabling WebDAV verbs is
like disabling native HTTP verbs such as GET, POST, and so forth. This
article describes the process to use to disable WebDAV for those extreme
cases in which a Web administrator does not want any WevDAV functionality at
Here's what is said about WindowsXP "Windows XP contains an even deeper
WebDAV integration. Using XP, all Windows32 applications are WebDAV enabled
as the OS itself contains WebDAV capability. "
How to Disable WebDAV for IIS 5.0
How to disable WebDAV in WindowsXP
search for "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV"
change "Start" to 0 (that's zero)
Sorry, I didn't have time to check the other OS's. I'll check later and
----- Original Message -----
To: "Tony Mason" <Masonosr.com>; "'o00o_j'" <o00o_jyahoo.com>;
Sent: Monday, May 27, 2002 7:22 PM
Subject: RE: Why does XP establish HTTP connection when browsing network s
> Exactly how is WebDAV disabled?
> Alex Jordanov
> ---- original message ----
> >This is the WebDAV mini-redirector that is part of
> Windows XP (mrxdav.sys).
> >It consists of this kernel mode driver, a user mode
> service, and the
> >mini-redirector wrapper (rdbss.sys).
> >You can disable WebDAV and nobody will notice
> UNLESS they are using DAV.
> >Tony Mason
> >Consulting Partner
> >OSR Open Systems Resources, Inc.
> >-----Original Message-----
> >From: o00o_j [mailto:o00o_jyahoo.com]
> >Sent: Friday, May 24, 2002 3:14 PM
> >To: focus-mssecurityfocus.com
> >Subject: Why does XP establish HTTP connection when
> browsing network shares?
> >I've noticed some strange behavior from our IDS.
> Ever since deploying
> >Windows XP to our network, I've been seeing
> connection attempts to port 80
> >on servers not running HTTP daemons. Taking a
> closer look, I discovered
> >darn near every one was from a windows XP machine
> belonging to techs who
> >service those servers. I left it as a curiosity until one
> day, by chance,
> >I noticed my machine triggered the same IDS alarm
> right after I opened a
> >network share (C$) on that machine.
> >Digging down further, I captured a TCP conversation
> between my PC (an XP
> >machine) and a server. Sure enough, towards the end
> of all the SMB jargon
> >is an HTTP exchange, with my client at one point
> sending the following:
> >OPTIONS / HTTP/1.1
> >translate: f
> >User-Agent: Microsoft-WebDAV-MiniRedir/5.1.2600
> >Host: [NetBIOS name of host i'm trying to connect to]
> >and receiving back a canned warning from my IDS.
> I'm sure this is nothing
> >to worry about, however I'm concerned about disabling
> it to limit false
> >positives on my IDS. Any ideas? thoughts? Any info.
> would help here...
> >our XP guru in-house had never heard of this before.
> thanks in advance.
> >Do You Yahoo!?
> >LAUNCH - Your Yahoo! Music Experience