Why does XP establish HTTP connection when browsing network shares?

From: o00o_j (o00o_j@yahoo.com)
Date: 05/24/02

• Previous message: Thad Horak: "Wingate Replacement"
• Next in thread: Dave Feustel: "Re: Why does XP establish HTTP connection when browsing network shares?"
• Reply: Dave Feustel: "Re: Why does XP establish HTTP connection when browsing network shares?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 24 May 2002 12:13:49 -0700 (PDT)
From: o00o_j <o00o_j@yahoo.com>
To: focus-ms@securityfocus.com

I've noticed some strange behavior from our IDS. Ever since deploying
Windows XP to our network, I've been seeing connection attempts to port 80
on servers not running HTTP daemons. Taking a closer look, I discovered
darn near every one was from a windows XP machine belonging to techs who
service those servers. I left it as a curiosity until one day, by chance,
I noticed my machine triggered the same IDS alarm right after I opened a
network share (C$) on that machine.

Digging down further, I captured a TCP conversation between my PC (an XP
machine) and a server. Sure enough, towards the end of all the SMB jargon
is an HTTP exchange, with my client at one point sending the following:

---
OPTIONS / HTTP/1.1
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/5.1.2600
Host: [NetBIOS name of host i'm trying to connect to]
---
and receiving back a canned warning from my IDS.  I'm sure this is nothing
to worry about, however I'm concerned about disabling it to limit false
positives on my IDS.  Any ideas?  thoughts?  Any info. would help here...
our XP guru in-house had never heard of this before.  thanks in advance.
-j
__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com

---

• Previous message: Thad Horak: "Wingate Replacement"
• Next in thread: Dave Feustel: "Re: Why does XP establish HTTP connection when browsing network shares?"
• Reply: Dave Feustel: "Re: Why does XP establish HTTP connection when browsing network shares?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: PID 1212 slowly maxing out? ... Windows 2003 servers, but could it affect Windows XP as well? ... I'm on a home network running on wireless. ... Logical Disk Manager service ... (microsoft.public.windowsxp.help_and_support) Re: cant browse domain ... the computer browser service is turned on, on more than one computer in the ... there is no firewall software in place and the windows firewall is not ... > enabled on the computers you are looking for in Network Places? ... > the list of servers for this workgroup is not currently available ... (microsoft.public.windows.server.networking) Re: Computer Browser/ Netbios Issue ... a Windows NT type domain and for 95/98 machines? ... domains in "My Network Places" in place of Wins? ... transferred the DHCP information to the new servers and also ... (microsoft.public.windows.server.networking) Re: Network Connectivity Problem ... I am having a network connectivity problem with a number of Windows ... All servers are virtualised on VMWare ESX 2.5 ... I could not figure out why the network connection was ... (microsoft.public.windows.server.networking) Re: Quite puzzled???? ... browse computers, servers... ... Is it true that we can get rid of WINS in windows 2003 envir.? ... users browse the entire network, they are able to see only ... part of workstations, not servers. ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)