Security Incidents mailing list archives
Re: gw.ocg-corp.com
From: Jordan K Wiens <jwiens () nersp nerdc ufl edu>
Date: Mon, 13 May 2002 17:54:58 -0400 (EDT)
I've seen a ton of those hits as well. The software that is doing the spidering can be downloaded here: http://larbin.sourceforge.net/index-eng.html Always entertaining is to follow links like: http://IP.OF.LARBIN:8081/ Get all sorts of neat stats on the crawler. Especially good is: http://aa.bb.cc.dd:8081/ip.html Which is fun for finding random links or seeing where the crawler is going. Not really sure what they're doing with the data from this thing, or what it's after, but I have seen it as well. The most interesting thing about it is the WinampMPEG string. The crawler will hit up and (I suppose) follow robots.txt files, at least it looks like it does from my logs of larbin crawls. -- Jordan Wiens UF Network Incident Response Team (352)392-2061 On Mon, 13 May 2002 netscience () hushmail com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 gw.ocg-corp.com - - [12/May/2002:20:29:08 -0400] "GET / HTTP/1.0" 200 18141 "-" "Opera/6.01 larbin2.6.2 () unspecified mail" gw.ocg-corp.com - - [12/May/2002:20:31:04 -0400] "GET / HTTP/1.0" 200 18141 "-" "WinampMPEG/2.00 larbin () unspecified mail" Anyone know who or what this is gw.ocg-corp.com been running rampant through the logs the past 72 hours, following links even with noindex applied, no info on any google searches except last few days indexing same, no whois, nothing. Been snooping around the site over and over again, all pages, using different user agents in the last 72 hours. Annoying as hell .. -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wl4EARECAB8FAjzgMyYYHG5ldHNjaWVuY2VAaHVzaG1haWwuY29tAAoJECFLG0i2k7ir NhQAl3ZWuDE9OBKEEbZLyOr2AGcI4TEAn1BxSYp3+CW1QE9yu/Btzi60RJGH =WTBP -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- gw.ocg-corp.com netscience (May 13)
- Re: gw.ocg-corp.com Chip McClure (May 13)
- Got 'em. (was "Re: gw.ocg-corp.com") Jay D. Dyson (May 13)
- Re: Got 'em. (was "Re: gw.ocg-corp.com") Chip McClure (May 13)
- Re: Got 'em. (was "Re: gw.ocg-corp.com") Hugo van der Kooij (May 13)
- Got 'em. (was "Re: gw.ocg-corp.com") Jay D. Dyson (May 13)
- Re: gw.ocg-corp.com Jordan K Wiens (May 13)
- Re: gw.ocg-corp.com Christian Vogel (May 13)
- Re: gw.ocg-corp.com Will Aoki (May 13)
- Re: gw.ocg-corp.com Chip McClure (May 13)