Assess P2P protocol implementation

Open glaslos opened this issue 13 years ago • 11 comments

Have a look into various bots using P2P protocols for communication. What do we need to have in place so one can replicate the communication?

glaslos avatar Oct 02 '12 10:10 glaslos

I hope to be able to get a .pcap from a ZeuS P2P variant to do some analysis.

adepasquale avatar Jan 06 '13 20:01 adepasquale

Let me know if you have issues getting a PCAP, I have access to this sort of stuff :)

glaslos avatar Jan 07 '13 08:01 glaslos

Andrea, are you currently working on this task or investigating it? Just to be sure we do not work on the same stuff. Same question regarding HTTP protocol task.

pjlantz avatar Jan 31 '13 08:01 pjlantz

I've got two different PCAPs from nearly 3 weeks ago; they're mostly UDP traffic with some minor TCP traffic on high ports. Unfortunately I haven't found the time to analyze them more in depth, but I hope to have something ready by the end of next week.

adepasquale avatar Jan 31 '13 08:01 adepasquale

If you have some time, you can run them through http://www.netzob.org/. It would be interesting if we get any usable information from it.

glaslos avatar Feb 28 '13 09:02 glaslos

I'm working on it using Netzob. Hopefully I'll end up with at least a decent Wireshark dissector.

adepasquale avatar Mar 04 '13 23:03 adepasquale

Let me know if you get any usable information. I can also share PCAPs if you need.

glaslos avatar Mar 05 '13 09:03 glaslos

Moving this to milestone 1.1 as we haven't decided how we want to proceed regarding P2P protocol support.

glaslos avatar Apr 17 '13 21:04 glaslos

Ok, I'm sorry for the delays.

adepasquale avatar Apr 17 '13 21:04 adepasquale

No rush.

glaslos avatar Apr 17 '13 22:04 glaslos

Brilliant work done by the CERT Polska here: http://www.cert.pl/PDF/2013-06-p2p-rap_en.pdf

adepasquale avatar Jun 09 '13 17:06 adepasquale