January 4th, 2008
GregorK
Phex Developer

There are various ways to detect fake hosts, or better, host IPs that either temporarily or permanently distribute fake content.
One of the easiest is to search for random character sequences that just don't form a valid word. Another way is to check against Bitzi whether the file hashes are known to be fakes. It is also suspicious if you get various results from hosts all coming from the same class C subnet, or with IPs very close together. Also, if you like to dig deeper into the Gnutella protocol, you could look for certain message package characteristics that give you hints about fake content.

Gregor
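Two of the heuristics from the post above (file names containing nonsense letter runs, and several result hosts sitting in one class C, i.e. /24, subnet) sketched as an added example that is not part of the original post and is not Phex code. The function names, thresholds and sample search results are assumptions constructed for illustration; the vowel-based check is crude and will misjudge some real words.

```python
import ipaddress
import re
from collections import defaultdict

def looks_random(token, min_len=6, max_run=5, min_vowel_ratio=0.2):
    """Crude test for a letter run that does not read like a word (assumed thresholds)."""
    t = token.lower()
    if len(t) < min_len:
        return False  # too short to judge
    vowel_ratio = sum(c in "aeiouy" for c in t) / len(t)
    longest_run = max(len(r) for r in re.split(r"[aeiouy]+", t))
    return vowel_ratio < min_vowel_ratio or longest_run >= max_run

def suspicious_name(filename):
    # Drop the extension, then test every alphabetic token in the name.
    stem = filename.rsplit(".", 1)[0]
    return any(looks_random(tok) for tok in re.findall(r"[A-Za-z]+", stem))

def crowded_subnets(results, min_hosts=3):
    """Map each /24 holding at least min_hosts distinct result hosts to those hosts."""
    by_net = defaultdict(set)
    for ip, _name in results:
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        by_net[str(net)].add(ip)
    return {n: sorted(h) for n, h in by_net.items() if len(h) >= min_hosts}

def score_results(results):
    """Attach the list of triggered heuristics to every (ip, filename) result."""
    flagged = {ip for hosts in crowded_subnets(results).values() for ip in hosts}
    report = []
    for ip, name in results:
        reasons = []
        if suspicious_name(name):
            reasons.append("random-name")
        if ip in flagged:
            reasons.append("crowded-/24")
        report.append((ip, name, reasons))
    return report

# Constructed sample search results (documentation IP ranges, invented file names).
SAMPLE = [
    ("198.51.100.10", "xkqzvbtrw.mp3"),
    ("198.51.100.11", "holiday song.mp3"),
    ("198.51.100.12", "qwrtplkjhg live.avi"),
    ("203.0.113.7", "ubuntu install guide.pdf"),
    ("192.0.2.44", "holiday song.mp3"),
]

if __name__ == "__main__":
    print(*score_results(SAMPLE), sep="\n")
```

A result that trips both heuristics is a stronger candidate for filtering than one that trips only the subnet check, since legitimate hosts can share a /24.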