Assistance with interpretation Alerts P2P: BitTorrent:DHT



  • This may be the wrong place for a question of this type, but I was wondering if anyone has come across this before. I’m getting a number of alerts P2P: BitTorrent:DHT from machines in India, just a single alert, when the machine boots, normally disregarded as a false positive.

    I was just interested to know if anyone thinks this is, or has seen this as, a P2P worm infection. No P2P clients exist on the workstation, the captured packets do look like P2P traffic, and destination domains are pretty much random.

    Thanks

    What's a good source for analysis help?
    Capture P2P alert.JPG


 
