KadNap is a sophisticated peer-to-peer design based on Kademlia, a network structure that uses distributed hash tables to conceal the IP addresses of command-and-control servers
How I would love to have enough networking knowledge to be able to dismantle this system.
I’m a network engineer and I’m not entirely sure what’s going on. The IP addresses would be visible at some point or it wouldn’t work. I assume they’ve done the simple thing and run a packet capture, but there’s a good chance it’s running through a VPN, so who knows.
I assume the goal is to make it so the C2 server(s) are basically indistinguishable from any other node, perhaps by making much more inter-node traffic than is strictly necessary. Couple this with almost all the participating IP addresses belonging to innocent parties (since it’s malware), and I’m not sure how one would identify the true origin of commands.
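As an added illustration of the point in the comment above (not code from the thread or from any real botnet): in a Kademlia-style DHT a value is replicated on the k nodes whose IDs are XOR-closest to the key, and a node looking it up only ever contacts nodes on the way to that neighbourhood, so the address of whoever published it need not appear on the lookup path at all. The node labels, key name and 40-node network are constructed sample data.

```python
import hashlib

def node_id(label: str) -> int:
    """Kademlia-style 160-bit identifier; the labels used here are constructed sample data."""
    return int.from_bytes(hashlib.sha1(label.encode()).digest(), "big")

class ToyDHT:
    """Minimal Kademlia-like DHT: XOR metric, one contact per k-bucket,
    values replicated on the k nodes closest to the key."""

    def __init__(self, labels, k=3):
        self.k = k
        self.ids = sorted(node_id(label) for label in labels)
        self.peers = {}
        for n in self.ids:
            table = {}
            for m in self.ids:
                if m != n:
                    # bucket index = position of the highest differing bit; keep one contact per bucket
                    table.setdefault((n ^ m).bit_length(), m)
            self.peers[n] = set(table.values())
        self.store = {}  # key -> {holder id: value}

    def closest(self, candidates, key):
        return sorted(candidates, key=lambda n: n ^ key)[:self.k]

    def publish(self, key, value):
        # the value lands on the k nodes XOR-closest to the key; the publisher is not among them unless by chance
        for n in self.closest(self.ids, key):
            self.store.setdefault(key, {})[n] = value

    def lookup(self, start, key):
        """Iterative FIND_VALUE from `start`; returns (value, nodes contacted in order)."""
        contacted, shortlist = [], self.closest(self.peers[start], key)
        while True:
            pending = [n for n in shortlist if n not in contacted]
            if not pending:
                return None, contacted
            for n in pending:
                contacted.append(n)
                if n in self.store.get(key, {}):
                    return self.store[key][n], contacted
                # each contacted node reveals its own contacts; keep the k closest known so far
                shortlist = self.closest(set(shortlist) | self.peers[n], key)

def demo():
    net = ToyDHT([f"node-{i}" for i in range(40)])
    key = node_id("command-channel")  # constructed key that all participants derive the same way
    net.publish(key, "constructed command blob")
    value, trail = net.lookup(node_id("node-20"), key)
    return value, trail, set(net.store[key]), set(net.closest(net.ids, key))

if __name__ == "__main__":
    value, trail, holders, expected = demo()
    print(value, len(trail), holders == expected)
```

Note that the holder set depends only on the key, never on who wrote the value; a packet capture at the querying node shows the nodes in `trail`, which are ordinary participants chosen by ID proximity.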
Holy shit I hadn’t read that name since the eMule days