Christian Bierre wrote:
>
> Lloyd Bryant wrote:
>> It's the same behaviour as before - The nodes are sending query hits with
>> varying IP addresses. For each of these, I get the exact same pattern, until
>> it hits MAX_WEIRD_MSG and is disconnected with a security violation. So far,
>> all of the query hits have been for audio files (mp3, wma, m4a).
>
>> Note that all of these report the same vendor (Limewire 4.12.8).
>
> This might be faked. What's slightly interesting is that they have deflate
> disabled.
>
>> The 64.62.210.x addresses are Hurricane Electric. The 64.62.214.x addresses
>> trace back to a "Michael Dillon" using "radianz.com" as an ISP.
>
> Where do you see this? Are you sure you didn't make a typo?

I checked my shell history - it *was* a typo (I had typed 65 instead of 64).
That'll teach me to try doing things when I'm not entirely awake. So the
64.62.214.x range is also Hurricane.

>
>> The 78.129.136.x addresses seem to belong to "Darkstar Management", with
>> RapidSwitch as the ISP.
>
> Ok, I banned the three ranges now. I've seen some of these myself and
> LimeWire bans them too.
>

Lloyd B.

_______________________________________________
gtk-gnutella-devel mailing list
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel
