Sourcefire RNA has default compliance checks for p2p traffic, so you can easily be alerted for any such traffic.
;)
__________________________________
Albert R. Campa

On Thu, Oct 8, 2009 at 9:17 AM, Michael Douglas <[email protected]> wrote:

> I am wondering what P2P clients are capable of displaying the source IP
> address of the client sharing files
>
> Most of the Gnutella P2P clients will allow you to see what IP a file
> is being shared from. However, I've found that this gets tedious
> really fast. What OS(s) do you have at your disposal? I can suggest
> some clients based on that.
>
> more importantly, how I can do a P2P search for any files coming from a
> particular source IP address/range?
>
> At present, I've been doing port sweeps with nmap (6346 & 6347 and
> sometimes 80) to see if a host is running a gnutella client within a
> specific IP range. From there, simply connect to the IP to see what
> files they are sharing. With some scripts, I've been able to make
> this process OKish.
>
> Larry and I had a brainstorming session on what our next steps are to
> smooth out the rough parts of p2p discovery work. We're in
> requirements gathering/refinement on a proof-of-concept white hat tool
> which should help ease some P2P concerns. So if you have any
> suggestions, do let us know.
>
> Danke! Merci! Asanti!
> - Mick
>
> On Thu, Oct 8, 2009 at 8:42 AM, Brian Judd <[email protected]> wrote:
> > Back in show 154, there was a great presentation on using P2P to discover
> > information. One of the guys made a comment about using P2P during
> > penetration testing and audits to discover information leakage. I am
> > wondering what P2P clients are capable of displaying the source IP address
> > of the client sharing files or more importantly, how I can do a P2P search
> > for any files coming from a particular source IP address/range?
> >
> > I have three class C blocks of public IP addresses that I would like to
> > determine whether any are being used to share files.
> >
> > Thanks.
> >
> > Brian
> >
> > This message (including any attachments) may contain confidential
> > information and is intended only for the individual to which it is
> > addressed. If you are not the intended recipient, please delete this message
> > and contact the sender. You are also hereby notified that any review,
> > disclosure, copying, or distribution of this message, or the taking of any
> > action based on it, is prohibited.
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
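
The sweep of ports 6346 and 6347 described in the thread can be triaged automatically when auditing your own address blocks. The following is an added example, not code from anyone on the list: it reads nmap grepable (`-oG`) output and keeps only in-scope hosts with an open Gnutella port. The scope ranges (three documentation /24 blocks), the sample scan lines, and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Assumption: three documentation /24 blocks stand in for the
# organisation's own public ranges.
SCOPE = [ipaddress.ip_network(n) for n in
         ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
GNUTELLA_PORTS = {6346, 6347}  # the ports named in the thread

# Constructed sample of nmap grepable (-oG) output, not a real scan.
SAMPLE = (
    "# constructed sample\n"
    "Host: 192.0.2.15 ()\tPorts: 6346/open/tcp//gnutella///, 6347/closed/tcp//gnutella2///\n"
    "Host: 198.51.100.7 ()\tPorts: 6346/filtered/tcp//gnutella///\n"
    "Host: 203.0.113.40 (ws40.example.org)\tPorts: 6346/open/tcp//gnutella///, "
    "6347/open/tcp//gnutella2///\tIgnored State: closed (2)\n"
    "Host: 10.9.9.9 ()\tPorts: 6346/open/tcp//gnutella///\n"
    "Host: 203.0.113.41 ()\tStatus: Up\n"
)

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Ports:\s+(.*)$")

def in_scope(ip):
    """True only for addresses inside the audited blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SCOPE)

def gnutella_hosts(grepable):
    """Map each in-scope host to its sorted list of open Gnutella TCP ports."""
    findings = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m or not in_scope(m.group(1)):
            continue  # comment/status lines and out-of-scope hosts
        open_ports = set()
        # Port entries look like port/state/proto/owner/service/rpc/version/
        for entry in m.group(2).split("\t")[0].split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                if fields[0].isdigit() and int(fields[0]) in GNUTELLA_PORTS:
                    open_ports.add(int(fields[0]))
        if open_ports:
            findings[m.group(1)] = sorted(open_ports)
    return findings

if __name__ == "__main__":
    for host, ports in gnutella_hosts(SAMPLE).items():
        print(host, ports)
```

An open port only marks a candidate host; filtered or closed results and hosts outside the audited blocks are dropped rather than reported.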
