Interesting clients found in the BitTorrent DHT

Per the specification, mainline clients are identified by the "v" key in the root dictionary of every message.

IP Address Key

Various clients send you an "ip" key to helpfully tell you what your external IP and port are.

Obviously evil (or just plain buggy) clients will try to convince you otherwise.

These are in the wild. I noticed a South Korean client that claimed to be a uTorrent client (UTz\xAD):

            114.200.XX.XX:345YY v:UTz\xAD is trying to convince me I'm: 114.200.XX.XX:440ZZ

The port was correct, but the IP was the buggy/malicious client's own.

A Vietnamese 'uTorrent' client (UTy\xA3) claimed that I was, which while it had the port correct, thought I was on an internal network.

            113.182.XX.XX:44XXX v:UTy\xA3 is trying to convince me I'm:

Other UTy\xA3 clients claimed similar nonsense.

A US client thinks I'm in Belgium and one from Pakistan thinks I'm on its LAN.

            50.33.XX.XX:10XXX v:UTy\xA3 is trying to convince me I'm: 94.224.YY.YY:440ZZ

            182.186.XX.XX:47XXX v:UTy\xA3 is trying to convince me I'm:
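A defensive way to handle these claims, as an added example that is not code from the original page: decode the message, read the "v" and "ip" keys, reject claims that are non-routable or that simply echo the sender's own address, and accept an external IP only when several independent nodes agree. It assumes the "ip" value is the compact 6-byte form (4-byte IPv4 address plus 2-byte port) that BEP 42 describes; the function names, the verdict labels, the quorum of 3 and all sample addresses are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

def bdecode(data, i=0):  # minimal bencode decoder -> (value, next index); ValueError if malformed
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        return (items if c == b"l" else dict(zip(items[0::2], items[1::2]))), i + 1
    colon = data.index(b":", i)
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def check_ip_claim(packet, sender_ip):
    """Return (v tag, claimed ip, claimed port, verdict) for one received message."""
    msg, _ = bdecode(packet)
    msg = msg if isinstance(msg, dict) else {}
    tag, raw = msg.get(b"v", b""), msg.get(b"ip")
    if not isinstance(raw, bytes) or len(raw) != 6:  # assumed layout: IPv4 (4) + port (2)
        return tag, None, None, "absent-or-malformed"
    ip, port = ipaddress.IPv4Address(raw[:4]), struct.unpack("!H", raw[4:])[0]
    if not ip.is_global:
        return tag, ip, port, "non-routable"    # the "you are on my LAN" case
    if str(ip) == sender_ip:
        return tag, ip, port, "echoes-sender"   # sender reported its own address
    return tag, ip, port, "plausible"

def external_ip_vote(results, quorum=3):
    """Trust an external IP only when at least `quorum` plausible claims agree on it."""
    votes = Counter(str(ip) for _, ip, _, verdict in results if verdict == "plausible")
    best = votes.most_common(1)
    return best[0][0] if best and best[0][1] >= quorum else None

def sample(ip, port, tag):
    """Constructed KRPC response (not captured traffic); all demo addresses are made up."""
    compact = ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)
    return b"d2:ip6:" + compact + b"1:rd2:id20:" + b"A" * 20 + b"e1:t2:aa1:v4:" + tag + b"1:y1:re"

if __name__ == "__main__":
    seen = [("5.6.7.8", "5.6.7.8"), ("9.10.11.12", "192.168.1.10"), ("13.14.15.16", "1.2.3.4"),
            ("17.18.19.20", "1.2.3.4"), ("21.22.23.24", "1.2.3.4")]  # (sender, claimed IP)
    results = [check_ip_claim(sample(c, 44000, b"UTy\xa3"), s) for s, c in seen]
    print([r[3] for r in results], external_ip_vote(results))
```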



Tokens are passed with each message, to supposedly help identify each message. Many clients just don't bother making this meaningful.

Some variations that I've noticed:

Odd Hashes

There appears to be an oddity with some clients identifying as UT (mostly UTy\xA3) requesting find_node with the following pattern:


It's statistically improbable that you'd want to look for a node like this.