Gnutella Forums

Gnutella Forums (https://www.gnutellaforums.com/)
-   General Gnutella / Gnutella Network Discussion (https://www.gnutellaforums.com/general-gnutella-gnutella-network-discussion/)
-   -   Old client(s), suspicious massive shares (over half a billion shared files) (https://www.gnutellaforums.com/general-gnutella-gnutella-network-discussion/102263-old-client-s-suspicious-massive-shares-over-half-billion-shared-files.html)

Lord of the Rings June 24th, 2013 02:56 PM

Old client(s), suspicious massive shares (over half a billion shared files)
 
1 Attachment(s)
Gnucleus
I don't know if anybody thinks it is suspicious sharing 540,701,806 files for a total of 1830 GB. For one person, wow. But when you connect to two at same time from different countries using the same client and with identical shares, that's when the suspicion really sinks in. One was from Germany and the second one Malaysia (though probably proxies.)

Two leafs connected to BearShare 5.1 beta as the image shows:

Attachment 6415

SHAtella
I have had suspicions for a long time (7 to 8 or so months) about a host from Germany using SHAtella. Large shares, average file size not so big (2,342,666 files, 123 GB always the same.) Highly dynamic address always from Germany but continually connects to me as a peer. In fact I restarted BearShare to get rid of them when I spotted the above Gnucleus leafs connected to me (only for about 5 minutes.)

Check the sample image here for SHAtella: http://www.gnutellaforums.com/sharea...tml#post371651

Not the first time but I had two of these SHAtella's connected to me at same time and with same host address. One port is always 1234, the second does not show. But I find when I remove this host from the connections it bounces back in a much more aggressive fashion than the LW4.21.1(RC) spam versions do. This particular one is incessant and does not give up trying to connect back. And likewise with the port 27016 hosts, a hard push to find its way onto the connection file list. I found 7 port 1234's on one BearShare connection list and 6 on another. I recognise the addresses as being the same host. Strangely several did not have an allocated priority and were zero. I often run more than one BearShare, sometimes 3 and maybe even 4 when I'm feeling brave. And this SHAtella host seems to find its way onto all of them and always listed at the top of the non-BearShare peer connections (edit: same as the port 27016 hosts because their connection & messages are 'always' incoming for more reasons than one - thanks Peerless.) This SHAtella is a 7 days a week host but does not appear to be a 24 hour uptime host (I guess they close down when they knock off work?)

I can only guess SHAtella's aggressive re-connect attempts are due to either the client design or else, multiple hosts from the same address. In much the same way as these examples here and here. The last example being the connection window of BearShare without using the Hostiles (I'd remove the hosts from the connection window and they'd keep returning.)

Just realised one of the ranges the host was using is heavily blocked and only just slipping through and another range with lots of individual listings. All ranges this SHAtella uses I have not sighted other peers using for any other client. All from Berlin, Germany.

The gnutella developers would already be aware of old clients (sometimes masked or masking) being used for spam purposes.


All times are GMT -7. The time now is 01:40 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.