Re: gw.ocg-corp.com

From: Jordan K Wiens (jwiensat_private)
Date: Mon May 13 2002 - 14:54:58 PDT

Next message: Christian Vogel: "Re: gw.ocg-corp.com"

Previous message: Chip McClure: "Re: gw.ocg-corp.com"
In reply to: netscienceat_private: "gw.ocg-corp.com"
Next in thread: Christian Vogel: "Re: gw.ocg-corp.com"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've seen a ton of those hits as well.  The software that is doing the
spidering can be downloaded here:
http://larbin.sourceforge.net/index-eng.html

Always entertaining is to follow links like:
http://IP.OF.LARBIN:8081/
Get all sorts of neat stats on the crawler.

Especially good is:
http://aa.bb.cc.dd:8081/ip.html
Which is fun for finding random links or seeing where the crawler is going.

Not really sure what they're doing with the data from this thing, or what
it's after, but I have seen it as well.  The most interesting thing about
it is the WinampMPEG string.  The crawler will hit up and (I suppose)
follow robots.txt files, at least it looks like it does from my logs of
larbin crawls.

-- 
Jordan Wiens
UF Network Incident Response Team
(352)392-2061

On Mon, 13 May 2002 netscienceat_private wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> gw.ocg-corp.com - - [12/May/2002:20:29:08 -0400] "GET / HTTP/1.0" 200 18141 "-" "Opera/6.01 larbin2.6.2at_private"
> gw.ocg-corp.com - - [12/May/2002:20:31:04 -0400] "GET / HTTP/1.0" 200 18141 "-" "WinampMPEG/2.00 larbinat_private"
>
> Anyone know who or what this is gw.ocg-corp.com been running rampant through the logs the past 72 hours, following links even with noindex applied, no info on any google searches except last few days indexing same, no whois, nothing. Been snooping around the site over and over again, all pages, using different user agents in the last 72 hours.
>
> Annoying as hell
>
>
> ..
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.com
>
> wl4EARECAB8FAjzgMyYYHG5ldHNjaWVuY2VAaHVzaG1haWwuY29tAAoJECFLG0i2k7ir
> NhQAl3ZWuDE9OBKEEbZLyOr2AGcI4TEAn1BxSYp3+CW1QE9yu/Btzi60RJGH
> =WTBP
> -----END PGP SIGNATURE-----
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Christian Vogel: "Re: gw.ocg-corp.com"
Previous message: Chip McClure: "Re: gw.ocg-corp.com"
In reply to: netscienceat_private: "gw.ocg-corp.com"
Next in thread: Christian Vogel: "Re: gw.ocg-corp.com"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 13 2002 - 15:23:44 PDT