Matt,

Like everyone stated, the cracker used netcat unless it is some other
program renamed.  However, I am very confident that nc is netcat.  Netcat
has binaries for both UNIX and NT.  Netcat is very flexible and very easy to
use.  Most of the time it is used to gain initial access to the machine until
the cracker configures your machine to keep access.  It is also used as a
relay tool to target other machines.  It is good that you caught the
intrusion.   Not everyone can do this unless they have some sort of 
information security background.

Good luck tracking him/her down and make sure to wipe the machine and
reinstall the OS since you do not know what he/she has done to you.

If you like, learn to use computer forensic tools and see if you can figure
out what they have been up to.

If this is a university computer or on a university network, most crackers
use these machines for zombies in a DDoS or DoS attack since universities
have big pipes into the Internet.  Of course, there are many other uses for
this attack as well.

Happy Hunting!


Regards,

Greg DeGennaro Jr., CCNP
Security Analyst


-----Original Message-----
From: Matt Hunter [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 10, 2003 11:11 AM
To: [EMAIL PROTECTED]
Subject: cracking tool named 'nc' ?


Hi,

    I recently had my Linux workstation broken into.  The cracker created 
a directory and placed two executables in it.  One was called 'zap' - 
which I've since found out is used to clean up log files before the 
cracker logs out.  The other one was called 'nc'.  I can't find any 
information on this program.  Does anyone out there know what it's used for?

Thanks :)

-Matt


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
