View Single Post
  #2 (permalink)  
Old January 12th, 2014
Lord of the Rings's Avatar
Lord of the Rings Lord of the Rings is offline
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 663
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Quote:
Originally Posted by Lord of the Rings View Post
...
Edit: 9+10 Jan 2014. Seems I found another two bots in the 50.58.238.x. range (this one is supposedly a static ip). I was listing all the hosts I was connecting to over a period of time. Seems a dozen & half of same ip address, just different port (between 6000-7000) but all LimeWire/4.12 (Pro), (no specific 4.12 sub-version, which suggests it is a fake ID, especially since LW 5 versions supposedly do not connect to versions below LW 4.14). I was connected to 4-7+ of these at a time whilst being a peer using LPE.
I'm aware GTK is not interested in bot listings to block, so I'll simply add it to the bot lists I've added to the BS & LW blocklists. I'm not 100% certain but seems same ip as the one that browsed me immediately I connected to the network, and same host address as did so on multiple occasions in early Jan & mid-late December. There was a previous individual listing in the hostiles for this /24 sub-range (which I added in 30 August 2012), which now makes 3.
Recorded as bot ip's.
...
I didn't keep a list of all these connections but of the 9 ports I saw used today varied between 6509-6599.
The evidence these are bad hosts via BearShare 5.1's console logs:

Peer in 50.58.238.243 ("LimeWire/4.12 (Pro)" 777 msgs) sending query with invalid address embedded in GUID field (192.168.1.123:7000).
Peer in 50.58.238.243 ("LimeWire/4.12 (Pro)" 620 msgs) sending query with invalid address embedded in GUID field (192.168.1.123:6561).
Peer in 50.58.238.243 ("LimeWire/4.12 (Pro)" 212 msgs) sending query with invalid address embedded in GUID field (192.168.1.123:6562).
Peer in 50.58.238.243 ("LimeWire/4.12 (Pro)" 624 msgs) sending query with invalid address embedded in GUID field (192.168.1.123:6518).
Peer in 50.58.238.243 ("LimeWire/4.12 (Pro)" 4 msgs) sending query with invalid address embedded in GUID field (192.168.1.123:6575).
Peer in 50.58.238.243 ("LimeWire/4.12 (Pro)" 544 msgs) sending query with invalid address embedded in GUID field (192.168.1.123:6564).

When will GTK-Gnutella 1.0.1 for MacOSX be released? And does GTK have a default port?-spam-host-50-via-bs5.png (small attached image to the left)

I connected to multitudes of them. Not forgetting their id must be fake because LW 5 versions do not connect to versions older than LW 4.14, which happened on several days prior to today.
The above constant messages stopped after I added the block of the address to the hostiles & restarted BearShare. (twice)

Edit: 16 January: 50.58.238.131 with identical port ranges is still active (added in 2012.)
Reply With Quote