View Single Post
  #31 (permalink)  
Old July 2nd, 2012
Lord of the Rings's Avatar
Lord of the Rings Lord of the Rings is offline
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 616
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation

If you are looking for the Security Updaters, see post #38 (can click link) further below. Or use these links: LimeWire Security Updater installers via MediaFire, OR via Sabercat

Not all the Japanese peers are good peers, but that's true for a number of countries I guess. In my connection lists I've posted for people having connection problems, I removed most Japanese hosts, only a few 'if any' left on the list from memory.

I've done the same thing as you at times, continually removed such hosts. If you desperately wanted to get rid of Japanese hosts full stop, you could ban all their ranges. lol I've tried that too.

Just as a note, I find Phex tends to get a nice mix of European and USA hosts. Not sure why LW attracts them, both LW 4 & 5, perhaps because it IS LW. But LW was designed to give some preference to connecting to LW and LW clones (such as Cabos), also for search results. This is a common trait for most gnutella clients to be set to favor their own kind when they can. My Phex just connected to 3 French, 1 UK and 1 USA, then later a 6th ultrapeer.

Here's a funny episode. Whilst using BearShare, I accidentally replaced my hostiles with the original and ... these hosts, each time I removed them they were replaced with more of same ip address or similar, example 3 snaps joined here (all same port, all same shares): snapshots joined. These are in fact what I refer to as Download-BOTs; they attempt to fill all your upload slots. Their program ID's are fake & not what they advertise themselves to be. The security Hostiles file(s) blocks these BOTs (edit: WireShare blocks them by default internally.)

If you have a firewall that can ban ports such as Windows 7 firewall, I guess you could set up a disallow rule for port 6346 but this might also mean the possibility of missing out on some good hosts who are using port 6346 as a static port and not necessarily using Cabos or similar. But I would recommend banning ports 27016 and 7001 for both tcp and udp if you can, only LW spammers use that port. More on spam or bad addresses here Note: the technutopia hostiles document itself is not read by any version of LW 5 due to its older address format layout.

If you want a full list of Japanese ip's I can send you one privately. Or else send you the list I use for blocking many of them. The majority of Japanese ip addresses below the 200.x.x.x range are static and do not change.

Edit: Port Block instructions
I have included some instructions on how to block port 27016 in your firewall (you should also block port 7001.) This example applies to Windows 7 firewall but most 3rd party firewalls will probably have a similar option. (Note: whilst LW 5 might connect to many spammers using port 27016, both LW 4 and FrostWire are total magnets for them.)

For Windows 7 and 8, go to Control Panel, open up Windows Firewall. Click on the Advanced Settings option. Once the Advanced Settings is open, look to the left-side and click on Inbound Rules.
Now, shift your eyes to the right-side of the firewall window and look for the Actions section for Inbound Rules and click on New Rule underneath it.
In the window that appears you will have 4 options for type of rule to add, choose Custom. Then click Next button.
You can either specify All Programs or simply one here. Then click Next button.
Protocol Type drop down menu: select TCP first (later do another identical rule for UDP.) Leave Local port set to All Ports. Then select Specific Ports option for Remote port and type in port 27016 into the port number box. Then click Next.
Set Scope to Any ip address (leave it as it is.) Then click Next.
The next window gives action choice. Check the option to Block the connection. Then cilck Next button.
Check all the options for Domain, Private and Public, then click Next button. This is the final window giving you the choice to name and describe the new rule. Description is optional. Name it something that represents the new rule. I named mine Port Block 27016 TCP then click Finish. I would recommend you do a new equivalent rule also for UDP. It is possible to duplicate a rule, double-click it and then simply change the protocol from TCP to UDP and rename it appropriately.

Port 27016 is not officially used for anything you would ever use it for. Port 27016 spammer hosts tend to use proxy switchers so there is little point in banning their ip's for longer than a week. Port 7001 is used by upload-slot container hostile hosts which not too many people know about, example image snapshots of upload attacks here and here.

How to Force UltraPeer (Better searches whether using Pro or Basic)-win7-firewall-add-port-block.gif (Click sample image to see larger view, click again to see in its own window unless you have pop-up blocker.)
* Sorry, last year I accidentally gave incorrect instructions for this. This is the correct way to block ports for Windows 7+8.

How to Force UltraPeer (Better searches whether using Pro or Basic)-win7-firewall-add-port-blockc.gif * This similar example might even be slightly better.

A Gnutella ip Group Block in Windows 7 or 8 Firewall
Windows 7's firewall has the option for doing a group block. I created one for TCP and UDP. In fact, you only need to do one then duplicate it and change the rule's protocol from TCP to UDP then rename it or alternatively a single rule and set the protocol to All. Sounds easy? Set up a new inbound rule, and set it to Custom in the window that appears. Choose either all programs or LimeWire/FrostWire, etc. path (my sample shows all programs but you can choose a specific program), then all ports. Then start adding the host addresses you wish to add. Then when finished, name the rule. I have created a sample image but note, the sample GiF is a little large in size and has quite a few frames. The advantage of a group block is you could disable it if or when necessary, or simply set it to only apply for LimeWire/FrostWire, etc. in the program/path option. For a good reference for hosts to block in a firewall see
Why would you block these ip's in your firewall? To reduce very high pings directly aimed at your program (such as LW), so the firewall handles it instead. This will mean less lag building up in LW over a period of time. It will also mean less chance of LW being affected by the pinging and drop its performance as a result.

How to Force UltraPeer (Better searches whether using Pro or Basic)-win-7-firewall-group-ip-blockb.gif (sample GiF image 250 KB, click to see in large view) How to Force UltraPeer (Better searches whether using Pro or Basic)-win-7-firewall-group-ip-block-c.gif * (this sample only needs a single rule by using the 'Any' protocol and applied specifically to the program to be used for.)

How to add an ip group block list to Kaspersky Firewall:
Firewall -> Settings -> Network Packets -> select 'Addresses from Group' and click Add -> click Add to add an ip address and continue doing this. After adding all the addresses, name the rule something like 'ip address block list' & click OK. Make sure that rule is still selected in the Network Packets section and select 'Block' at top and 'Any Network Activity' in the middle section. Though you can select the Block option after selecting addresses from group option near beginning of the process.
Later versions of Kaspersky Firewall might look a little different but the process will most likely be the same or similar.

Kaspersky Firewall sample image (click to see sample image)

Outgoing rules?
Why set up outgoing rules to block certain ip ranges instead of only incoming rule blocks? Because if you are sharing files, your program sends your shared files details that correspond to a particular search. Do hostile clients search? Since some hostile clients are known to browse hosts, then chances are they also do searches. Hosts with port - 7001 are known as upload-slot containers, they will download everything you have, they get paid to do this to prevent you sharing to anybody else. Having equivalent outgoing rules may help to slightly reduce some incoming traffic from bad hosts. (I also strongly suspect 'they' have BOTs that search the network and every client they can find.)

Replicating incoming block rules for outgoing rules has an effect of keeping you partially invisible to hostile hosts. This also applies to the ports 27016 and 7001 block rules. I have found the outgoing rule for port 27016 UDP ping count now out-numbers the incoming. And some other blocks now count as zero incoming but high numbers outgoing. This suggests your shares details have been blocked from being sent to 'them' if you also choose to use firewall outgoing block rules. This also helps with reduced spam results, overall better performance without receiving as many pings from the hostile hosts. There was a very noticeable increase in search results (two to three times more than average in initial testing.) If running as an ultrapeer, then leafs in search mode.should arguably be receiving less results from bad hosts via searches that touch your client in any way.

Last edited by Lord of the Rings; February 15th, 2013 at 06:08 AM. Reason: Re-did my Windows 7 port block sample, since my original was incorrect. Added: Outgoing firewall rules a major plus !!!
Reply With Quote