View Single Post
  #19 (permalink)  
Old November 24th, 2013
Lord of the Rings's Avatar
Lord of the Rings Lord of the Rings is offline
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 616
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Quote:
Originally Posted by runt66 View Post
I have posted the 5 hosts i was connected to when orangewire was downloading ;

which is the suspicious one ????
I cannot ascertain suspicions about the peers you are connected to, only the OrangeWire host you upload to. That address should arguably be blocked. It's used by bots, not regular file-sharers. Either use 66.212.0.0/16 or 66.212.143.0/24 in the WinMX filter ip blocklist if you wish to block them. You could also use either 66.212.*.* or 66.212.143.* instead which is equivalent.

(Edit: The GTK-G (2007) is a browse-BOT you posted in post #16.)

The meaning of BOT, scroll down to the malicious purposes section to get an idea what they are set to do. The BMI bots are designed to fill upload slots & download as much as possible. Other kinds of bots of course include spam-bots and DDoS bots. One type of spam-bot uses port 27016 and is probably the most prolific spammer on the Gnutella network.

Quote:
Originally Posted by runt66 View Post
My port number for winmx is 38120 ;

limewire 34772 .... but i have never selected these ports ; they just appear in the port options after i install any music sharing program .
Looks like they are all grabbing UPnP ports. If you could be bothered, you could try setting a specific port for WinMX and port forwarding that port with your router's settings.
Just a side note: UDP port checking is often unreliable because packets are often lost, so the program might show as being UDP firewalled when in fact it is not. On the other hand, TCP port tests are usually 100% reliable.

BearShare 5 is a good example of unreliable UDP port tests. The program might show as being UDP firewalled immediately or after an hour but then an hour later be not firewalled. ie: the UDP test packets were lost during testing (not getting a response from the peer it sent the packet to.) BearShare 5 does UDP & TCP port tests periodically, I am not sure about LimeWire & other programs but would probably be similar.
(One other reason for BearShare showing as UDP firewalled when it is not, is it sent the UDP test packets to firewalled hosts.)
Reply With Quote