Re: gw.ocg-corp.com

From: Chip McClure (vhm3at_private)
Date: Mon May 13 2002 - 14:56:00 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    I don't have any luck finding out any info on ocg-corp.com either. :( I've
    got a few of the hits in my webserver logs, the same as you. My guess,
    someone's spoofing the reverse DNS on it. Kinda sounds like someone is
    doing some very hard spidering on your site.
    
    However, I did find out some info on Larbin:
    
    http://larbin.sourceforge.net/index-eng.html
    
    The following is a cut from my server logs as well, any relevance, or
    associated IPs:
    
    62.23.138.142 - - [05/May/2002:08:26:33 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.1 (larbin2.6.1at_private)"
    62.23.138.142 - - [05/May/2002:08:26:33 -0700] "GET / HTTP/1.0" 200 4571 "-" "larbin_2.6.1 larbin2.6.1at_private"
    62.23.138.142 - - [07/May/2002:14:32:53 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.1 (larbin2.6.1at_private)"
    62.23.138.142 - - [07/May/2002:14:32:56 -0700] "GET / HTTP/1.0" 200 4571 "-" "larbin_2.6.1 larbin2.6.1at_private"
    209.126.176.3 - - [09/May/2002:13:34:35 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.2 (larbin2.6.2at_private)"
    209.126.176.3 - - [09/May/2002:13:34:39 -0700] "GET / HTTP/1.0" 200 4571 "-" "larbin_2.6.2 larbin2.6.2at_private"
    gw.ocg-corp.com - - [10/May/2002:17:29:38 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "WinampMPEG/2.00 (larbinat_private)"
    gw.ocg-corp.com - - [10/May/2002:17:37:31 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" ""Opera/6.01 (larbinat_private)"
    gw.ocg-corp.com - - [10/May/2002:17:37:32 -0700] "GET / HTTP/1.0" 200 4571 "-" ""Opera/6.01 larbinat_private"
    gw.ocg-corp.com - - [11/May/2002:22:33:39 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "WinampMPEG/2.00 (larbinat_private)"
    gw.ocg-corp.com - - [11/May/2002:22:33:39 -0700] "GET / HTTP/1.0" 200 4571 "-" "WinampMPEG/2.00 larbinat_private"
    
    
    - -----
    Chip McClure
    Sr. Unix Administrator
    GigGuardian, Inc.
    
    http://www.gigguardian.com/
    - -----
    
    On Mon, 13 May 2002 netscienceat_private wrote:
    
    >
    > gw.ocg-corp.com - - [12/May/2002:20:29:08 -0400] "GET / HTTP/1.0" 200 18141 "-" "Opera/6.01 larbin2.6.2at_private"
    > gw.ocg-corp.com - - [12/May/2002:20:31:04 -0400] "GET / HTTP/1.0" 200 18141 "-" "WinampMPEG/2.00 larbinat_private"
    >
    > Anyone know who or what this is? gw.ocg-corp.com has been running rampant through the logs the past 72 hours, following links even with noindex applied, no info on any Google searches except last few days indexing same, no whois, nothing. Been snooping around the site over and over again, all pages, using different user agents in the last 72 hours.
    >
    > Annoying as hell
    >
    >
    > ..
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    > ------------ Output from pgp ------------
    > Pretty Good Privacy(tm) Version 6.5.8
    > Internal development version only - not for general release.
    > (c) 1999 Network Associates Inc.
    > Export of this software may be restricted by the U.S. government.
    > File is signed.  signature not checked.
    > Signature made 2002/05/13 21:42 GMT
    > key does not meet validity threshold.
    > WARNING:  Because this public key is not certified with a trusted
    > signature, it is not known with high confidence that this public key
    > actually belongs to: "(KeyID: 0xB693B8AB)".
    >
    >
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 6.5.8
    Comment: Made with pgp4pine 1.76
    
    iQA/AwUBPOA2c5uKtP8CSC69EQKb+QCg2V7Lsf7wKM2yiSi3jDHAI0FQ2LQAoM/6
    p1ssUdbrGQ1G9FiwE4Nhv4YU
    =ebqg
    -----END PGP SIGNATURE-----
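
The pattern visible in the quoted log lines (one client alternating browser and media-player user agents, each still carrying a "larbin" contact token, while also requesting /robots.txt) can be flagged mechanically. The following is an added example, not part of the original message; the sample log lines, hosts and contact addresses are constructed, and the `CLIENT_PRODUCTS` list is an assumption.

```python
import re
from collections import defaultdict

# Apache "combined" format; .* for the agent tolerates the stray quote in ""Opera/...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>.*)"$'
)
CLIENT_PRODUCTS = ("opera/", "mozilla/", "winampmpeg/")  # assumed list of non-robot products
ROBOT_TOKEN = "larbin"  # token present in every agent string quoted in the thread

SAMPLE = [  # constructed lines modelled on the ones in the message
    '192.0.2.10 - - [05/May/2002:08:26:33 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "larbin_2.6.1 (ops@crawler.invalid)"',
    '192.0.2.10 - - [05/May/2002:08:26:33 -0700] "GET / HTTP/1.0" 200 4571 "-" "larbin_2.6.1 ops@crawler.invalid"',
    'gw.example.net - - [10/May/2002:17:29:38 -0700] "GET /robots.txt HTTP/1.0" 404 335 "-" "WinampMPEG/2.00 (larbin@crawler.invalid)"',
    'gw.example.net - - [10/May/2002:17:37:32 -0700] "GET / HTTP/1.0" 200 4571 "-" ""Opera/6.01 larbin@crawler.invalid"',
]


def profile_clients(lines):
    """Group requests by client: agent strings seen, and whether robots.txt was fetched."""
    clients = defaultdict(lambda: {"agents": set(), "robots_txt": False})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        c = clients[m["client"]]
        c["agents"].add(m["agent"].strip('"'))
        c["robots_txt"] |= m["path"] == "/robots.txt"
    return clients


def suspicious(clients):
    """Return {client: [reasons]} for clients that look like a disguised robot."""
    out = {}
    for name, c in clients.items():
        agents = [a.lower() for a in c["agents"] if a]
        # Compare product tokens only, so "x (contact)" vs "x contact" is not a rotation.
        products = {a.split()[0] for a in agents}
        reasons = []
        if len(products) > 1:
            reasons.append("rotates user agents")
        if c["robots_txt"] and any(p.startswith(CLIENT_PRODUCTS) for p in products):
            reasons.append("fetches robots.txt with a client user agent")
        if any(ROBOT_TOKEN in a and not a.startswith(ROBOT_TOKEN) for a in agents):
            reasons.append("robot token inside a client user agent")
        if reasons:
            out[name] = reasons
    return out


if __name__ == "__main__":
    for client, why in suspicious(profile_clients(SAMPLE)).items():
        print(client, "->", "; ".join(why))
```

A crawler that announces itself consistently, like the first sample client, is not flagged; only the client that disguises its agent string is.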
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon May 13 2002 - 15:22:16 PDT