mushorg / buttinsky

Botnet monitoring is a crucial part of threat analysis and is often neglected due to the lack of proper open source tools. Our tool will provide an open source framework for automated botnet monitoring. The modular design will allow full customization of the protocols used, the monitoring clients' behavior, how we log the collected information, how the data is processed to analyze the botnet's purpose, size and threat, and how the monitoring tasks are distributed between dedicated nodes.
http://buttinsky.org
GNU General Public License v3.0

Assess P2P protocol implementation #9

Open glaslos opened 11 years ago

glaslos commented 11 years ago

Have a look into various bots using P2P protocols for communication. What do we need to have in place so one can replicate the communication?

adepasquale commented 11 years ago

I hope to be able to get a .pcap from a ZeuS P2P variant to do some analysis.

glaslos commented 11 years ago

Let me know if you have issues getting a PCAP, I have access to this sort of stuff :)

pjlantz commented 11 years ago

Andrea, are you currently working on this task or investigating it? Just to be sure we do not work on the same stuff. Same question regarding HTTP protocol task.

adepasquale commented 11 years ago

I've got two different PCAPs from nearly 3 weeks ago; they're mostly UDP traffic with some minor TCP traffic on high ports. Unfortunately I haven't found some time to analyze them more in-depth, but I hope to have something ready by the end of next week.

glaslos commented 11 years ago

If you have some time, you can run them through http://www.netzob.org/. It would be interesting to see if we get any usable information from it.

adepasquale commented 11 years ago

I'm working on it using netzob. Hopefully I'll end up with at least a decent wireshark dissector.

glaslos commented 11 years ago

Let me know if you get any usable information. I can also share PCAPs if you need.

glaslos commented 11 years ago

Moving this to milestone 1.1 as we haven't decided how we want to proceed regarding P2P protocol support.

adepasquale commented 11 years ago

Ok, I'm sorry for the delays.

glaslos commented 11 years ago

No rush.

adepasquale commented 11 years ago

Brilliant work done by the CERT Polska here: http://www.cert.pl/PDF/2013-06-p2p-rap_en.pdf