Lloyd Bryant wrote: > It's the same behaviour as before - The nodes are sending query hits with > varying IP addresses. For each of these, I get the exact same pattern, until > it hits MAX_WEIRD_MSG and is disconnected with a security violation. So far, > all of the query hits have been for audio files (mp3, wma, m4a). > Note that all of these report the same vendor (Limewire 4.12.8).
This might be faked. What's slightly interesting is that they have deflate disabled. > The 64.62.210.x addresses are Hurricane Electric. The 64.62.214.x addresses > trace back to a "Michael Dillon" using "radianz.com" as an ISP. Where do you see this? Are you sure you didn't make a typo? > The 78.129.136.x addresses seem to belong to "Darkstar Management", with > RapidSwitch as the ISP. Ok, I banned the three ranges now. I've seen some of these myself and LimeWire bans them too. -- Christian ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ gtk-gnutella-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel
