Very interesting to see that you recorded the same attack about 2 years ago. I am very curious to understand how these bots work and what the aim is of those who run them for such a long time. I am pretty sure that these bots perform some sort of cache poisoning, spreading fake addresses/ports in order to prune off connections and hamper Gnutella functioning. Maybe they are persistently run by RIAA fellows?
For sure this IP range should be included in hostiles.txt.