Hi there, i found a strange looking file in my /usr/bin directory... The file is called: 5n0r7. I'm running SuSE Pro 7.0. Maybe this is a trojan/backdoor program? I portscanned my machine with nmap and found Port 20011 open... Does anybody know about such an trojan? thanks, Jan [?][!] newtention technologies gmbh // rathausallee 72-76 // 22846 norderstedt mailto: jan@newtention.de // http://www.newtention.de phone: 040-5 54 45 89 - 3 // mobil: 0178-4777948 // fax: 040-5 54 45 89 - 9 ----- party, n.: A gathering where you meet people who drink so much you can't even remember their names.
i think i found the answer myself.... 5n0r7 is a snort log analyzer..... and
port 20011 is because of netatalk.....
Jan
----- Original Message -----
From: "Jan Räther"
Hi there,
i found a strange looking file in my /usr/bin directory... The file is called: 5n0r7. I'm running SuSE Pro 7.0. Maybe this is a trojan/backdoor program? I portscanned my machine with nmap and found Port 20011 open... Does anybody know about such an trojan?
thanks,
Jan
[?][!] newtention technologies gmbh // rathausallee 72-76 // 22846 norderstedt mailto: jan@newtention.de // http://www.newtention.de phone: 040-5 54 45 89 - 3 // mobil: 0178-4777948 // fax: 040-5 54 45 89 - 9
----- party, n.: A gathering where you meet people who drink so much you can't even remember their names.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
i think i found the answer myself.... 5n0r7 is a snort log analyzer..... and port 20011 is because of netatalk.....
Jan
Yes... You find out with `rpm -qlav|grep 5n0r7´.
port 20011 is held open by the process isdnlog from your isdn-subsystem.
Roman.
--
- -
| Roman Drahtmüller
participants (2)
-
Jan Räther
-
Roman Drahtmueller