Security Incidents mailing list archives

Re: gw.ocg-corp.com

From: Jordan K Wiens <jwiens () nersp nerdc ufl edu>
Date: Mon, 13 May 2002 17:54:58 -0400 (EDT)

I've seen a ton of those hits as well.  The software that is doing the
spidering can be downloaded here:
http://larbin.sourceforge.net/index-eng.html

Always entertaining is to follow links like:
http://IP.OF.LARBIN:8081/
Get all sorts of neat stats on the crawler.

Especially good is:
http://aa.bb.cc.dd:8081/ip.html
Which is fun for finding random links or seeing where the crawler is going.

Not really sure what they're doing with the data from this thing, or what
it's after, but I have seen it as well.  The most interesting thing about
it is the WinampMPEG string.  The crawler will hit up and (I suppose)
follow robots.txt files, at least it looks like it does from my logs of
larbin crawls.

-- 
Jordan Wiens
UF Network Incident Response Team
(352)392-2061

On Mon, 13 May 2002 netscience () hushmail com wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

gw.ocg-corp.com - - [12/May/2002:20:29:08 -0400] "GET / HTTP/1.0" 200 18141 "-" "Opera/6.01 larbin2.6.2 () 
unspecified mail"
gw.ocg-corp.com - - [12/May/2002:20:31:04 -0400] "GET / HTTP/1.0" 200 18141 "-" "WinampMPEG/2.00 larbin () 
unspecified mail"

Anyone know who or what this is gw.ocg-corp.com been running rampant through the logs the past 72 hours, following 
links even with noindex applied, no info on any google searches except last few days indexing same, no whois, 
nothing. Been snooping around the site over and over again, all pages, using different user agents in the last 72 
hours.

Annoying as hell


..
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wl4EARECAB8FAjzgMyYYHG5ldHNjaWVuY2VAaHVzaG1haWwuY29tAAoJECFLG0i2k7ir
NhQAl3ZWuDE9OBKEEbZLyOr2AGcI4TEAn1BxSYp3+CW1QE9yu/Btzi60RJGH
=WTBP
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

gw.ocg-corp.com netscience (May 13)
- Re: gw.ocg-corp.com Chip McClure (May 13)
  - Got 'em. (was "Re: gw.ocg-corp.com") Jay D. Dyson (May 13)
    - Re: Got 'em. (was "Re: gw.ocg-corp.com") Chip McClure (May 13)
    - Re: Got 'em. (was "Re: gw.ocg-corp.com") Hugo van der Kooij (May 13)
- Re: gw.ocg-corp.com Jordan K Wiens (May 13)
- Re: gw.ocg-corp.com Christian Vogel (May 13)
- Re: gw.ocg-corp.com Will Aoki (May 13)