You may already be aware of this, after doing some network monitoring I found query hit returns of 24K full of "text"!
They came in for my requests, and were also being passed through my node to others (other people's requests).
24K takes up a lot of bandwidth when you are on a modem, you only have about 5K in and 1K out. The packets repeated for different word queries, looks like someone thinking they can slow down the network via flooding.
I can't drop the packet because it's coming down the Gnet,.
The packets always seemed to be the same size but nothing says they can't do a little more work and make them variable.
The text content was like text from a book, it just went on and on and on about nothing. It tried to look like XML so it can pass through.
Clients should monitor for this, let the user know somehow, and should have a way to set a drop the node limit (with suggested size) so a user can set it just a few bytes below the typical offending packet.
The problem with dropping a node is a big attack like this could disrupt the whole Gnet.

The real solution: Make a connection option for Gnet that packetizes Gnet data with the ability to send a "cancel" message at any time so the sending node stops sending that packet, or even better, send a "block this guid" message so that node knows not to send any more packets to you from that guid. Then you don't have to drop the node connection.