Assess P2P protocol implementation

[glaslos]

Have a look into various bots using P2P protocols for communication. What do we need to have in place so one can replicated the communication?

[adepasquale]

I hope to be able to get a .pcap from a ZeuS P2P variant to do some analysis.

[glaslos]

Let me know if you have issues getting a PCAP, I have access to this sort of stuff :)

[pjlantz]

Andrea, are you currently working on this task or investigating it?
Just to be sure we do not work on the same stuff. Same question regarding HTTP protocol task.

[adepasquale]

I've got two different PCAPs from nearly 3 weeks ago, they're mostly UDP traffic with some minor TCP one on high ports. Unfortunately I haven't found out some time to analyze them more in-depth, but I hope to have something ready by the end of next week.

[glaslos]

if you have some time, you can run the through http://www.netzob.org/ would be interesting if we get any usable information from it.

[adepasquale]

I'm working on it using netzob. Hopefully I'll end up with at least a decent wireshark dissector.

[glaslos]

Let me know if you get any usable information. I can also share PCAP's if you need.

[glaslos]

Moving this to milestone 1.1 as we haven't decided how we want to proceed regarding P2P protocol support

[adepasquale]

Ok, I'm sorry for the delays.

[glaslos]

No rush.

[adepasquale]

Brilliant work done by the CERT Polska here: http://www.cert.pl/PDF/2013-06-p2p-rap_en.pdf