View Single Post
  #2 (permalink)  
Old May 22nd, 2016
Lord of the Rings's Avatar
Lord of the Rings Lord of the Rings is offline
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 664
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

From my own experience I can only give you a limited possible answer of what I know because I've been away for a month & won't return until end of the week.
I've seen PyGnutella before but I don't believe for quite some time.
From your snapshots, it does appear to be a BOT and possibly a browser based BOT that can switch program ID on the fly.

Have you checked your console connection logs to see if there's anything else odd about these PyGnutella connections and any messages they send?
You might need to cross-check their ip addresses to be sure it's the same host as they might identify in a different manner at various points in time.

If it were really such an old app, then we might assume it seeks GWC support. I'm only aware of one GWC that might support an app of that age.

I have been highly dubious about the 154. range. The original BearShare hostiles file had it completely blocked. Earlier in the year I unblocked a few small ranges as a test after finding some GTK-G. hosts within it (unless I'm confusing with the 104. range.) But what makes me suspicous about these hosts is that they all use the same connection port and all via the same internet service provider (I suspect it's not a standard public service provider), including one in the 108. range. But the GTK-G issue is a little off-topic. The 154 range also includes web service rentals. The 154 range is mostly USA with certain slithers of European ranges.
Reply With Quote