PaulDotCom mailing list archives
P2P Pentesting
From: abcampa at gmail.com (Albert R. Campa)
Date: Thu, 8 Oct 2009 10:11:24 -0500
Sourcefire RNA has default compliance checks for p2p traffic, so you can easily be alerted for any such traffic. ;)

__________________________________
Albert R. Campa

On Thu, Oct 8, 2009 at 9:17 AM, Michael Douglas <mick at pauldotcom.com> wrote:

> > I am wondering what P2P clients are capable of displaying the source IP
> > address of the client sharing files
>
> Most of the Gnutella P2P clients will allow you to see what IP a file is being shared from. However, I've found that this gets tedious really fast. What OS(s) do you have at your disposal? I can suggest some clients based on that.
>
> > more importantly, how I can do a P2P search for any files coming from a
> > particular source IP address/range?
>
> At present, I've been doing port sweeps with nmap (6346 & 6347 and sometimes 80) to see if a host is running a gnutella client within a specific IP range. From there, simply connect to the IP to see what files they are sharing. With some scripts, I've been able to make this process OKish.
>
> Larry and I had a brainstorming session on what our next steps are to smooth out the rough parts of p2p discovery work. We're in requirements gathering/refinement on a proof-of-concept white hat tool which should help ease some P2P concerns. So if you have any suggestions, do let us know.
>
> Danke! Merci! Asanti!
>
> - Mick
>
> On Thu, Oct 8, 2009 at 8:42 AM, Brian Judd <bjudd at synercomm.com> wrote:
>
> > Back in show 154, there was a great presentation on using P2P to discover information. One of the guys made a comment about using P2P during penetration testing and audits to discover information leakage.
> >
> > I am wondering what P2P clients are capable of displaying the source IP address of the client sharing files or more importantly, how I can do a P2P search for any files coming from a particular source IP address/range?
> >
> > I have three class C blocks of public IP addresses that I would like to determine whether any are being used to share files.
> >
> > Thanks.
> >
> > Brian
> >
> > This message (including any attachments) may contain confidential information and is intended only for the individual to which it is addressed. If you are not the intended recipient, please delete this message and contact the sender. You are also hereby notified that any review, disclosure, copying, or distribution of this message, or the taking of any action based on it, is prohibited.

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
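The sweep described in the quoted reply (ports 6346 and 6347, sometimes 80, across your own ranges) still leaves the question of whether what answered is actually a Gnutella client. The following is an added example, not part of the thread or any poster's scripts: it classifies replies already captured from hosts in address space you are responsible for. It assumes the Gnutella 0.6 status-line format; the hosts, client name and reply bytes are constructed.

```python
import re

# Status line of a Gnutella 0.6 handshake reply, e.g. b"GNUTELLA/0.6 200 OK".
STATUS_RE = re.compile(rb"GNUTELLA/(\d+\.\d+) (\d{3})(?: ([^\r\n]*))?")

def parse_reply(reply: bytes):
    """Parse a captured handshake reply; return None if it is not Gnutella."""
    if reply.startswith(b"GNUTELLA OK"):           # legacy 0.4 acknowledgement
        return {"version": "0.4", "code": 200, "headers": {}}
    head = reply.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    m = STATUS_RE.match(lines[0])
    if m is None:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:                                     # skip malformed header lines
            key = name.strip().lower().decode("latin-1")
            headers[key] = value.strip().decode("latin-1")
    return {"version": m.group(1).decode(), "code": int(m.group(2)), "headers": headers}

def classify(reply: bytes) -> str:
    """Label a reply for an audit report of hosts in your own address space."""
    info = parse_reply(reply)
    if info is None:
        # Port 80 usually answers with plain HTTP, which proves nothing about P2P.
        return "http-only" if reply.startswith(b"HTTP/") else "not-gnutella"
    agent = info["headers"].get("user-agent", "unknown client")
    # A refusal (e.g. 503) still shows that a Gnutella servent is listening.
    state = "accepting" if info["code"] == 200 else f"refusing ({info['code']})"
    return f"gnutella {info['version']} {state}: {agent}"

# Constructed sample replies keyed by (host, port); 192.0.2.0/24 is a documentation range.
SAMPLES = {
    ("192.0.2.10", 6346): b"GNUTELLA/0.6 200 OK\r\nUser-Agent: ExampleServent/1.0\r\nX-Ultrapeer: False\r\n\r\n",
    ("192.0.2.11", 6347): b"GNUTELLA/0.6 503 Service Unavailable\r\nUser-Agent: ExampleServent/1.0\r\n\r\n",
    ("192.0.2.12", 80): b"HTTP/1.1 400 Bad Request\r\nServer: example\r\n\r\n",
    ("192.0.2.13", 6346): b"GNUTELLA OK\n\n",
}

def report(samples=SAMPLES):
    """Return {"host:port": verdict} for every captured reply."""
    return {f"{h}:{p}": classify(r) for (h, p), r in sorted(samples.items())}

if __name__ == "__main__":
    for target, verdict in report().items():
        print(target, verdict)
```

A busy client that refuses the connection is reported as a finding too, since the refusal itself confirms the software is running on that address.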
Current thread:
- P2P Pentesting Brian Judd (Oct 08)
- P2P Pentesting Larry Pesce (Oct 08)
- P2P Pentesting Michael Douglas (Oct 08)
- P2P Pentesting Albert R. Campa (Oct 08)
- P2P Pentesting Ron Gula (Oct 08)
- <Possible follow-ups>
- P2P Pentesting Butturini, Russell (Oct 08)