[lug] Odd web robot behavior

[Warren Sanders]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Forgot to add this tidbit:

  nmap -O 65.102.23.153

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on  (65.102.23.153):
(The 1551 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
199/tcp    open        smux
3128/tcp   open        squid-http

Remote operating system guess: Linux Kernel 2.4.0 - 2.4.17 (X86)
Uptime 85.020 days (since Mon Jul 22 10:42:41 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 59 seconds

Warren Sanders wrote:
> I have a family photo gallery with tons of photos.  Just noticed (live) 
> strange robotic behaviors.  I'm getting requests for images that looks 
> normal but then I notice different IP addresses in the same network and 
> different OS/browsers for each IP.  My PostNuke is only reporting 1 
> guest online proving that it's just one person.  The traffic is 
> requesting one image after the other and in order... just four different 
> IP's and four different OS/Browsers:
> 
> 65.102.23.169 - - "Mozilla/5.0 (compatible; Konqueror/2.1.2; X11)"
> 65.102.12.225 - - "Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)"
> 65.102.23.161 - - "Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC)"
> 65.102.23.153 - - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
> 
> I can stop the web server for about 5 minutes and restart... this guy 
> continues where it left off within a few seconds!
> 
> Anyone know about this kind of behavior?
> 
> Cheers!

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

- -- 
Warren Sanders
http://MontanaLinux.Org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9rFL22/99byU+bbQRAg1zAJ0e5VpwPHPh86HAGeUM/DSl+5u3SACgib2M
pe1tID6+98+hf54tEnPU+6M=
=Qkpi
-----END PGP SIGNATURE-----