PaulDotCom mailing list archives
P2P Pentesting
From: rgula at tenablesecurity.com (Ron Gula)
Date: Thu, 08 Oct 2009 16:28:49 -0400
Brian Judd wrote:
Back in show 154, there was a great presentation on using P2P to discover information. One of the guys made a comment about using P2P during penetration testing and audits to discover information leakage. I am wondering what P2P clients are capable of displaying the source IP address of the client sharing files or more importantly, how I can do a P2P search for any files coming from a particular source IP address/range? I have three class C blocks of public IP addresses that I would like to determine whether any are being used to share files.
If you scan these with Nessus, it will not only identify P2P applications that have a service that can be identified, but it will also look at various file sharing (SMB) methods and let you know which ones have office files, movies, music, etc.

On the sniffing side, there are a lot of NIDS and NBADs that will detect this sort of stuff in real time. Tenable's Passive Vuln Scanner will identify P2P clients, but will also identify which web servers host PDFs, office docs and so on.

-- Ron Gula, CEO Tenable Network Security