Hi,
I've noticed a single host and another /24 network with suspicious behaviour.
I didn't notice this just yesterday. This has been going on for about two
weeks at least. These hosts do two things:
- Anonymously *polling* GWebCaches for hosts
- Offering fake search results
The former was noticed at first and it could have been a bug or something. I
discovered the latter rather accidentally by looking at the IP addresses of
suspicious search results which came in *very* soon after connecting so these
must be very present in the network already. I suggest adding these to the
list of hostile addresses. You should be able to verify this for yourself.
207.234.131.147
38.118.155.0/24
The latter is probably a network of an anti-P2P firm. I've downloaded some
files and they're all crippled. The hosts in this network announce each other
as alternate source, so downloads are pretty fast. Yay! In the search results
they identify each as LimeWire but when downloading something they identify
as Gnucleus 2.0.1.0 (GnucDNA 1.0.2.6). I wasn't searching for any RIAA popshit
but they obviously return results for any search that includes *one* of the
configured buzz words. Very funny, these people offer scum you don't want
to have in the first place and if you download it out of curiosity, they'll
add you to their statistics of "would-be-customers".
--
Christian
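
The checks described in the message above, as an added example that is not part of the original post or of any servent's code: matching a peer against the two reported hostile-list entries, and flagging /24 networks whose hosts name one servent in search results, answer downloads as another, and list each other as alternate sources. The observation fields (`hit_vendor`, `server`, `alt_sources`) and the sample records are constructed for illustration and use documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Hostile-list entries reported in the message: one host and one /24.
HOSTILE = [ipaddress.ip_network(n)
           for n in ("207.234.131.147/32", "38.118.155.0/24")]

def is_hostile(addr):
    """True if addr falls inside any hostile-list entry (host or CIDR)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOSTILE)

def vendor_mismatch(hit_vendor, server_header):
    """True when the servent named in the search result is not the one
    that identifies itself when the download is served."""
    return hit_vendor.lower() not in server_header.lower()

def suspicious_networks(observations, min_hosts=2):
    """Group mismatching hosts by /24, counting a host only when it
    advertises an alternate source inside its own /24."""
    by_net = defaultdict(set)
    for ob in observations:
        if not vendor_mismatch(ob["hit_vendor"], ob["server"]):
            continue
        net = ipaddress.ip_network(ob["ip"] + "/24", strict=False)
        if any(ipaddress.ip_address(a) in net for a in ob["alt_sources"]):
            by_net[str(net)].add(ob["ip"])
    return {n: sorted(h) for n, h in by_net.items() if len(h) >= min_hosts}

GNUC = "Gnucleus 2.0.1.0 (GnucDNA 1.0.2.6)"  # string quoted in the message
# Constructed observations (hypothetical field names, documentation IPs).
OBSERVATIONS = [
    {"ip": "198.51.100.10", "hit_vendor": "LimeWire", "server": GNUC,
     "alt_sources": ["198.51.100.11"]},
    {"ip": "198.51.100.11", "hit_vendor": "LimeWire", "server": GNUC,
     "alt_sources": ["198.51.100.10", "198.51.100.12"]},
    {"ip": "203.0.113.5", "hit_vendor": "LimeWire", "server": "LimeWire",
     "alt_sources": ["192.0.2.9"]},       # consistent identity: ignored
    {"ip": "192.0.2.44", "hit_vendor": "LimeWire", "server": GNUC,
     "alt_sources": []},                  # mismatch, but no same-/24 sources
]

if __name__ == "__main__":
    print(is_hostile("38.118.155.200"), suspicious_networks(OBSERVATIONS))
```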