Great answer Ivan, I was going to write the same mail but you did it for me.

One more word of advice: DON'T just run it without checking what it is. It may well be something evil with a benign name.

Also, take a search on Google for "incident handling" and look into what you should do after getting broken into. I don't want to presume, but you sound like a relative newbie considering that you didn't know netcat. There is a very high (near 100%) chance that the cracker left backdoors and/or data theft software on your machine. If I were in your shoes I would restore to backup or reinstall from clean media. Also consider the fact that your data may be infected. If you have no backups, try to only keep non-executable and non-compilable files. If you have an idea what the guy did, you may not need to worry, but just keep in mind that he may have messed with your stuff.

Hope this was a help,

badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
______________
There are 10 kinds of people on the planet: those who understand binary, and those who don't.

-----Original Message-----
From: Ivan Coric [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 1:23 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: cracking tool named 'nc' ?

Hi Matt,

sounds like netcat, whose binary is "nc". Not sure if it's too obvious? Run strings against the binary and see the output. If the output ends with

options: -g gateway -G num -h

and so on, then it's netcat.

cheers

Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414
Fax: (07) 30066424
Email: [EMAIL PROTECTED]

>>> Matt Hunter <[EMAIL PROTECTED]> 07/11/03 04:10am >>>
Hi,

I recently had my Linux workstation broken into. The cracker created a directory and placed two executables in it. One was called 'zap' - which I've since found out is used to clean up log files before the cracker logs out. The other one was called 'nc'. I can't find any information on this program. Does anyone out there know what it's used for?

Thanks :)
-Matt
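
The check discussed in this thread (look at the strings in the binary without running it), as an added example that is not part of the original messages. The function names and the sample byte strings are assumptions constructed for illustration; the markers are the usage fragments quoted above.

```python
import hashlib
import re

# Usage-text fragments quoted in the thread. A match is a hint only:
# a trojaned file can carry the same strings under a benign name.
NETCAT_MARKERS = (b"options:", b"-g gateway", b"-G num")
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e\t]{4,}")  # same idea as strings(1)


def extract_strings(data: bytes) -> list:
    """Return printable ASCII runs of 4+ bytes, in file order."""
    return PRINTABLE_RUN.findall(data)


def triage(data: bytes) -> dict:
    """Statically inspect file contents; nothing is ever executed."""
    found = extract_strings(data)
    hits = [m for m in NETCAT_MARKERS if any(m in s for s in found)]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # keep for incident notes
        "is_elf": data.startswith(b"\x7fELF"),
        "marker_hits": hits,
        "looks_like_netcat": len(hits) == len(NETCAT_MARKERS),
    }


def triage_file(path: str) -> dict:
    """Read a suspect file as bytes (read-only) and triage it."""
    with open(path, "rb") as fh:
        return triage(fh.read())


# Constructed sample: ELF magic, junk bytes, then the usage text from the thread.
SAMPLE_NC = (b"\x7fELF\x01\x01\x01\x00" + bytes(range(16)) +
             b"options:\n\t-g gateway\n\t-G num\n\t-h\x00\xff\xfe")
# Constructed sample: a different binary with no netcat usage text.
SAMPLE_OTHER = b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8 + b"usage: example <file>\x00"

if __name__ == "__main__":
    for name, blob in (("nc", SAMPLE_NC), ("other", SAMPLE_OTHER)):
        print(name, triage(blob))
```

Run it from a separate, trusted system against a read-only copy of the file, since tools on the compromised machine may themselves have been replaced.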
