Fake poisoning servents I am running gtk-gnutella 1.1.9 as ultrappeer (UP) under Linux. I enjoy keeping an eye on Gnutella network. During March-May 2016 I noticed my UP cache approaching 0 servents and the number of UP connections very low (around 10/50).
At first I thought about issues with my internet provider doing some sort of filtering so that I could not connect or receive connections from other UPs. Lately I noticed that my servent was connecting to some strange servents with vendor string "PyGnutella/0.1". I did some research and found out that PyGnutella is an old and unmaintained Python library for Gnutella, not a working client. Then I noticed that all these PyGnutella connections were coming from a single group of IP addresses: 154.45.216.* (see screenshots). These servents had a very low uptime and kept connecting and disconnecting.
One day these PyGnutella servents were no longer in my network connections list and suddenly the number of UP connections was again higher and my UP cache filling up again.
I suppose that these PyGnutella are fake servents who try to disrupt Gnutella functioning, performing a sort of "cache poisoning attack".
Any idea? |