P2P Pentesting

[rgula at tenablesecurity.com (Ron Gula)]

Brian Judd wrote:
> Back in show 154, there was a great presentation on using P2P to
> discover information.  One of the guys made a comment about using P2P
> during penetration testing and audits to discover information leakage. 
> I am wondering what P2P clients are capable of displaying the source IP
> address of the client sharing files or more importantly, how I can do a
> P2P search for any files coming from a particular source IP address/range?
>
>  
>
> I have three class C blocks of public IP addresses that I would like to
> determine whether any are being used to share files. 

If you scan these with Nessus, it will not only identify P2P
applications that have a service that can be identified, but it will
also look at various file sharing (SMB) methods and let you know which
ones have office files, movies, music, .etc.

On the sniffing side, there are a lot of NIDS and NBADs that will detect
this sort of stuff in real time. Tenable's Passive Vuln Scanner will
identify P2P clients, but will also identify which web servers host
PDFs, office docs and so on.

-- 
Ron Gula, CEO
Tenable Network Security