I would have to agree here. The only flag that would have been of concern would have been a PUT command, however the line you have shown is normal for a typical web browse. They may have been viewing the site from a MSFT application like Front Page, Word, Excel, etc.. At the same time they apparently copied an image from your site using their program of choice. 


---- Charles Jones <charles.jones@ciscolearning.org> wrote: 
> I've seen similar to below when someone embeds a picture in an MS-Word 
> or PowerPoint document. I'm not sure how it happens, but sometimes when 
> they drag the picture in from a web page, it gets hotlinked to the URL, 
> so when someone opens the document, MS-Office fetches the image instead 
> of having a static copy of it.
> 
> -Charles
> > No - it's an apache server (Linux)
> >
> > access_log looks like
> >
> > IP_ADDRESS - - [05/Feb/2008:17:55:56 -0700] "OPTIONS /mccain.jpg
> > HTTP/1.1" 200 - "-" "Microsoft Data Access Internet Publishing Provider
> > Protocol Discovery"
> > IP_ADDRESS - - [05/Feb/2008:17:55:57 -0700] "GET /mccain.jpg HTTP/1.1"
> > 200 56535 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
> > rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
> >
> > This was the same ip address - just one second apart. I've never seen
> > that before.
> >   
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
Please visit
http://www.iconnetworksolutions.com

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss