1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trojan On Satori-4.0 v2.07.1.sv WRT54G!?!?

Discussion in 'Sveasoft Firmware' started by gbhnjm, Aug 5, 2005.

  1. gbhnjm

    gbhnjm Guest

    I'am just wondering, Why is it everytime that I scan my router using LanSpy, I get this:

    (copy/paste/browser) Angelfire doesn't support direct linking
    http://www.angelfire.com/pro/gnikcah/Router_Scan.bmp

    LanSpy can be obtain here (Only for Windows 2000/XP/2003): http://www.lantricks.com/files_e.php#load_lanspy

    BUT when I tried, (nmap -A -sU -p 3127 xxx.xxx.xxx.xxx) on a Linux system, nothing shows that the port is open.

    Check it out and scan to see if you got it.

    My configurations
    I have DMZ (disable), no Port Forwarding to any computer.
    I scaned all my other PCs to make sure that the trojan is not in any PC.

    Question is now, why is it there?
    Is it just a .pid file or is the trojan really in my router?
    It's a Linux Router so why is there a Windows Trojan?

    Also, I can't seem to eliminate all the crap that my LanSpy Scan showed, like getting rid of all the Microsoft UDP banners.
    Are there files in the router that I can remove so that the scan will not reveal my banners?

    Need help

    Thanks in advance :)
     
  2. littlewhoo

    littlewhoo Network Guru Member

    You have already answered the question yourself. Of course there is no Windows Trojan on your Linux router.

    Also most of the other UDP services listed can't run on your router (MySQL Server, Halflife, Netbios...). Probably these services are running on your PC and not on your router (if they are present at all). It seems, that only the TCP results (22: dropbear SSH, 80 WRT54G webinterface) are correct.

    I think nmap is much more reliable than Lanspy (there is also a Windows version of nmap).
     

Share This Page