Oh yes I see what you mean. I don't/didn't use WinMX Music on a regular basis and never saw that before. I'm guessing you are using same WinMX Music version as me.
Now, as for WinMX Music showing up as OrangeWire/5.6.2, I'm not sure. I'll need to search around to see if I can get a copy that does. I took snapshots of various clients over recent years, particularly if I saw a new one. Most recent one was one called PeerProject. Anyway, the image I've provided shows versions from snapshots from 2009/10 through to 2012 with the earlier ones nearer the top. I'm wondering if the WinMX Music devs have swapped to the LPE 5.6.2 engine. It appears the program is still updated occasionally. It makes me wonder if it is the same source program and also makes me wonder if it looks the same (like LW4.)
I have not received any notifications about an update for the program. I suffice to say they don't send out notifications for updates.

For me in the past, LW5/LPE, Phex and BearShare 5 show WinMX Music as being WinMX Music under the Vendor/Version display. Throughout this & previous years I've seen many WinMX Music users connected to me. Never seen OrangeWire with exception of what i mentioned earlier.

Attachment 6453

On a side note, make sure you do not use the same port number for WinMX Music as you do for other programs. That might be related to why yours sees a firewall. I removed my router exception due to needing it for something else a few months ago. (It was difficult having so many rules for so many clone versions, since I have a limit to how many router rules I can have.) My WinMX Music always connects very quickly, even when not used for several months.

Oops, just discovered that the address of the OrangeWire you posted falls into a blocked range on the LW Security Blocklist.
Your listing does not show their port number, but it is my guess they use port 7001. Check this page http://www.gnutellaforums.com/open-d...imewire-7.html about half way down, the first black ip addresses you see where I found them via Phex. 66.212.143.104:7001 through to 66.212.143.116:7001
And the one shown uploading from you was 66.212.143.109
All belong to BMI (Broadcast Music, Inc.) and are known for upload slot containment (ie: will try to fill your upload slots & keep them busy, usually going after your largest files or largest collection of files. These are Download-Bots.) Here's my upload window from BearShare Click to see BearShare Upload window. Whilst using Phex I also had problems with same hosts since a year earlier filling my upload slots.

In retrospect, I have doubts the WinMX Music versions you were seeing are official WinMX Music versions but adapted by the anti-file-sharing company to behave like they do (BOTs). Your uploads might not have had more of them because your uploads are super busy anyway & they struggled to get a slot.
I've heard Vista firewall is same as Win XP firewall. If using Win 7 or later, the firewall has the ability to block ports such as 7001 and 27016 and can be set to be only active when using particular programs. (Port forwarding sometimes breaks/by-passes this firewall port block however!)

The security blocklist has ip ranges blocked from 66.211.128.0 through to 66.213.191.255 (these are corporate business ranges, mostly in the entertainment industry.) If you think that's too heavy, you could either use 66.212.0.0/16 or 66.212.143.0/24 if you wish to block them. The port 7001 bots are not spammers AFAIK, their objective is to fill your upload-slots in an attempt to prevent you sharing certain files to others.

My port number for winmx is 38120 ;

limewire 34772 ;

frostwire 4.21.8 is 45630 ;

frostwire 5.6.6 port is 55256 ;

so that is good , all different ;


but i have never selected these ports ; they just appear in the port options after i install any music sharing program .

I have posted the 5 hosts i was connected to when orangewire was downloading ;

which is the suspicious one ????

I cannot ascertain suspicions about the peers you are connected to, only the OrangeWire host you upload to. That address should arguably be blocked. It's used by bots, not regular file-sharers. Either use 66.212.0.0/16 or 66.212.143.0/24 in the WinMX filter ip blocklist if you wish to block them. You could also use either 66.212.*.* or 66.212.143.* instead which is equivalent.

(Edit: The GTK-G (2007) is a browse-BOT you posted in post #16.)

The meaning of BOT, scroll down to the malicious purposes section to get an idea what they are set to do. The BMI bots are designed to fill upload slots & download as much as possible. Other kinds of bots of course include spam-bots and DDoS bots. One type of spam-bot uses port 27016 and is probably the most prolific spammer on the Gnutella network.

Looks like they are all grabbing UPnP ports. If you could be bothered, you could try setting a specific port for WinMX and port forwarding that port with your router's settings.
Just a side note: UDP port checking is often unreliable because packets are often lost, so the program might show as being UDP firewalled when in fact it is not. On the other hand, TCP port tests are usually 100% reliable.

BearShare 5 is a good example of unreliable UDP port tests. The program might show as being UDP firewalled immediately or after an hour but then an hour later be not firewalled. ie: the UDP test packets were lost during testing (not getting a response from the peer it sent the packet to.) BearShare 5 does UDP & TCP port tests periodically, I am not sure about LimeWire & other programs but would probably be similar.
(One other reason for BearShare showing as UDP firewalled when it is not, is it sent the UDP test packets to firewalled hosts.)

I have only blocked 66 212 143 109 to start with , so lets see what happens now ;