Security Basics mailing list archives

Re: IIS Logfile

From: H Carvey <keydet89 () yahoo com>
Date: 26 Oct 2004 16:16:41 -0000

In-Reply-To: <1098740925.417d74bd08f00 () webmail fdta-valles org>

I understand that some "whois" site is checking my server, but Is this
dangerous? Should I block this IP?


The returned HTTP response code is 401, indicating an error.  According to TechNet, 401 response codes have to do with 
failures due to unauthorized access.  

Since the query is failing, I'm curious as to how this activity would appear to be dangerous.  Are you seeing something 
else occuring on your server, which may be a result of this log entry?  If so, can you describe it?

Thanks,

Harlan Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com

Current thread:

IIS Logfile mfernandez (Oct 25)
- Re: IIS Logfile craig (Oct 26)
- Re: IIS Logfile Miles Stevenson (Oct 26)
- <Possible follow-ups>
- Re: IIS Logfile H Carvey (Oct 26)
- Re: IIS Logfile mfernandez (Oct 27)
  - Re: IIS Logfile Anthony Boynes (Oct 27)
  - Re: IIS Logfile messanger (Oct 28)
- RE: IIS Logfile Andrew Shore (Oct 27)
- RE: IIS Logfile Eric McCarty (Oct 27)