Security Incidents mailing list archives
Re: gw.ocg-corp.com
From: Chip McClure <vhm3 () hades gigguardian com>
Date: Mon, 13 May 2002 14:56:00 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't have any luck finding out any info on ocg-corp.com either. :( I've got a few of the hits in my webserver logs, the same as you. My guess, someone's spoofing the reverse DNS on it. Kinda sounds like someone is doing some very hard spidering on your site.

However, I did find out some info on Larbin:
http://larbin.sourceforge.net/index-eng.html

The following is a cut from my server logs as well, any relevance, or associated IPs:

62.23.138.142 - - [05/May/2002:08:26:33 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.1 (larbin2.6.1 () unspecified mail)"
62.23.138.142 - - [05/May/2002:08:26:33 -0700] "GET / HTTP/1.0" 200 4571 "-" "larbin_2.6.1 larbin2.6.1 () unspecified mail"
62.23.138.142 - - [07/May/2002:14:32:53 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.1 (larbin2.6.1 () unspecified mail)"
62.23.138.142 - - [07/May/2002:14:32:56 -0700] "GET / HTTP/1.0" 200 4571 "-" "larbin_2.6.1 larbin2.6.1 () unspecified mail"
209.126.176.3 - - [09/May/2002:13:34:35 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.2 (larbin2.6.2 () unspecified mail)"
209.126.176.3 - - [09/May/2002:13:34:39 -0700] "GET / HTTP/1.0" 200 4571 "-" "larbin_2.6.2 larbin2.6.2 () unspecified mail"
gw.ocg-corp.com - - [10/May/2002:17:29:38 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "WinampMPEG/2.00 (larbin () unspecified mail)"
gw.ocg-corp.com - - [10/May/2002:17:37:31 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" ""Opera/6.01 (larbin () unspecified mail)"
gw.ocg-corp.com - - [10/May/2002:17:37:32 -0700] "GET / HTTP/1.0" 200 4571 "-" ""Opera/6.01 larbin () unspecified mail"
gw.ocg-corp.com - - [11/May/2002:22:33:39 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "WinampMPEG/2.00 (larbin () unspecified mail)"
gw.ocg-corp.com - - [11/May/2002:22:33:39 -0700] "GET / HTTP/1.0" 200 4571 "-" "WinampMPEG/2.00 larbin () unspecified mail"

- -----
Chip McClure
Sr. Unix Administrator
GigGuardian, Inc.
http://www.gigguardian.com/
- -----

On Mon, 13 May 2002 netscience () hushmail com wrote:
gw.ocg-corp.com - - [12/May/2002:20:29:08 -0400] "GET / HTTP/1.0" 200 18141 "-" "Opera/6.01 larbin2.6.2 () unspecified mail"
gw.ocg-corp.com - - [12/May/2002:20:31:04 -0400] "GET / HTTP/1.0" 200 18141 "-" "WinampMPEG/2.00 larbin () unspecified mail"

Anyone know who or what this is? gw.ocg-corp.com has been running rampant through the logs the past 72 hours, following links even with noindex applied, no info on any Google searches except last few days indexing same, no whois, nothing. Been snooping around the site over and over again, all pages, using different user agents in the last 72 hours. Annoying as hell ..

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

------------ Output from pgp ------------
Pretty Good Privacy(tm) Version 6.5.8
Internal development version only - not for general release.
(c) 1999 Network Associates Inc.
Export of this software may be restricted by the U.S. government.
File is signed. signature not checked.
Signature made 2002/05/13 21:42 GMT
key does not meet validity threshold.
WARNING: Because this public key is not certified with a trusted signature, it is not known with high confidence that this public key actually belongs to: "(KeyID: 0xB693B8AB)".
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBPOA2c5uKtP8CSC69EQKb+QCg2V7Lsf7wKM2yiSi3jDHAI0FQ2LQAoM/6
p1ssUdbrGQ1G9FiwE4Nhv4YU
=ebqg
-----END PGP SIGNATURE-----
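An added example, not part of either post: a small log triage script that groups combined-format access log entries by client and flags clients that rotate the leading User-Agent product token while every request still carries the same crawler marker, the pattern both posters describe. The function names, the `marker` default and the "more than one product token" threshold are assumptions; the sample lines are copied from the post above.

```python
import re
from collections import defaultdict

# Apache combined log format. The User-Agent group is greedy so the doubled
# opening quote seen in one of the lines below does not break the match.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)

# Sample input: six of the log lines quoted in the post above.
SAMPLE_LOG = '''\
62.23.138.142 - - [05/May/2002:08:26:33 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.1 (larbin2.6.1 () unspecified mail)"
62.23.138.142 - - [05/May/2002:08:26:33 -0700] "GET / HTTP/1.0" 200 4571 "-" "larbin_2.6.1 larbin2.6.1 () unspecified mail"
209.126.176.3 - - [09/May/2002:13:34:35 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.2 (larbin2.6.2 () unspecified mail)"
gw.ocg-corp.com - - [10/May/2002:17:29:38 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "WinampMPEG/2.00 (larbin () unspecified mail)"
gw.ocg-corp.com - - [10/May/2002:17:37:31 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" ""Opera/6.01 (larbin () unspecified mail)"
gw.ocg-corp.com - - [11/May/2002:22:33:39 -0700] "GET / HTTP/1.0" 200 4571 "-" "WinampMPEG/2.00 larbin () unspecified mail"
'''

def summarize(log_text, marker="larbin"):
    """Per-client counts: requests, robots.txt fetches, marker hits, product tokens."""
    hosts = defaultdict(lambda: {"requests": 0, "robots": 0,
                                 "marker_hits": 0, "products": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined log format
        ua = m.group("ua").strip('"')  # drop the stray doubled quote
        rec = hosts[m.group("host")]
        rec["requests"] += 1
        rec["robots"] += int(m.group("path") == "/robots.txt")
        rec["marker_hits"] += int(marker in ua.lower())
        rec["products"].add(ua.split()[0] if ua else "")
    return dict(hosts)

def rotating_agents(log_text, marker="larbin"):
    """Clients whose requests all carry the marker but show several product tokens."""
    return sorted(host for host, rec in summarize(log_text, marker).items()
                  if len(rec["products"]) > 1
                  and rec["marker_hits"] == rec["requests"])

if __name__ == "__main__":
    print(rotating_agents(SAMPLE_LOG))
```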
Current thread:
- gw.ocg-corp.com netscience (May 13)
- Re: gw.ocg-corp.com Chip McClure (May 13)
- Got 'em. (was "Re: gw.ocg-corp.com") Jay D. Dyson (May 13)
- Re: Got 'em. (was "Re: gw.ocg-corp.com") Chip McClure (May 13)
- Re: Got 'em. (was "Re: gw.ocg-corp.com") Hugo van der Kooij (May 13)
- Got 'em. (was "Re: gw.ocg-corp.com") Jay D. Dyson (May 13)
- Re: gw.ocg-corp.com Jordan K Wiens (May 13)
- Re: gw.ocg-corp.com Christian Vogel (May 13)
- Re: gw.ocg-corp.com Will Aoki (May 13)
- Re: gw.ocg-corp.com Chip McClure (May 13)