> I am wondering what P2P clients are capable of displaying the source IP 
> address of the client sharing files

Most of the Gnutella P2P clients will allow you to see what IP a file
is being shared from.  However, I've found that this gets tedious
really fast.  What OS(s) do you have at your disposal?  I can suggest
some clients based on that.



> more importantly, how I can do a P2P search for any files coming from a 
> particular source IP address/range?

At present, I've been doing port sweeps with nmap (6346 & 6347 and
sometimes 80) to see if a host is running a gnutella client within a
specific IP range.  From there, simply connect to the IP to see what
files they are sharing.  With some scripts, I've been able to make
this process OKish.


Larry and I had a brainstorming session on what our next steps are to
smooth out the rough parts of p2p discovery work.  We're in
requirements gathering/refinement on a proof-of-concept white hat tool
which should help ease some P2P concerns.  So if you have any
suggestions, do let us know.


Danke! Merci! Asanti!
- Mick



On Thu, Oct 8, 2009 at 8:42 AM, Brian Judd <[email protected]> wrote:
> Back in show 154, there was a great presentation on using P2P to discover
> information.  One of the guys made a comment about using P2P during
> penetration testing and audits to discover information leakage.  I am
> wondering what P2P clients are capable of displaying the source IP address
> of the client sharing files or more importantly, how I can do a P2P search
> for any files coming from a particular source IP address/range?
>
>
>
> I have three class C blocks of public IP addresses that I would like to
> determine whether any are being used to share files.
>
>
>
> Thanks.
>
>
>
> Brian
>
> This message (including any attachments) may contain confidential
> information and is intended only for the individual to which it is
> addressed. If you are not the intended recipient, please delete this message
> and contact the sender. You are also hereby notified that any review,
> disclosure, copying, or distribution of this message, or the taking of any
> action based on it, is prohibited.
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Reply via email to