This is a modified client, the SAME IP has many ports numbered in sequence.
6350, 6351, 6452, 6353, 6354
Isn't anyone else seeing this or do most of these clients hide the connection list?
If they do, then they are doing you a great disservice, because this attack will make it seem like you can't search for anything!
Checking into it further, it reports as Gnucleus 2.0.0.6, which icould easily be changed, any idiot can change a print statement. And the headers say GnucDNA 1.0.2.4
It then does all the GNUTELLA/0.6 OK stuff and then sends up to 30 small packets of who knows what and just sits there. It doesn't send any searches, which a normal client does do right away.
What makes me think this is a attack is the many port numbers at the same IP address.
Other versions of Gnuc connect just fine, as does bearshare, limewire etc.. so if it's ap roblem with this version of Gnuc, what changed to make it so incompatible?
It smells like an attack to me. Walks like a duck... |