Assistance with interpretation of alerts P2P: BitTorrent:DHT
54041057
This may be the wrong place for a question of this type, but I was wondering if anyone has come across this before. I'm getting a number of P2P: BitTorrent:DHT alerts from machines in India, just a single alert when the machine boots, normally disregarded as a false positive.
I was just interested to know if anyone thinks this is, or has seen this as, a P2P worm infection. No P2P clients exist on the workstation, the captured packets do look like P2P traffic, and the destination domains are pretty much random.
What's a good source for analysis help?