Re: Nmap - 3.50 changes mstask.exe?

From: Joshua Levitsky (jlevitsk_at_joshie.com)
Date: 02/27/04

  • Next message: Meritt James: "Re: Releasing patches is bad for security"
    To: <incidents@securityfocus.com>
    Date: Fri, 27 Feb 2004 15:46:31 -0500
    
    

    ----- Original Message -----
    From: <a55mnky@yahoo.com>
    Sent: Friday, February 27, 2004 11:31 AM
    Subject: Nmap - 3.50 changes mstask.exe?

    > Not sure if this is the best list for this, but I am in a bit of a jam.
    >
    > I just downloaded the new NMAP v. 3.50 and ran it on my internal network.
    > My IT manager is freaking out. He says my scan replaced mstask.exe on the
    > machines I scanned.
    >
    > Anybody else seen this behavior?

    What led him to that conclusion? How does he know the source was your
    machine and that the time coincided with your scan? Does the account on
    your machine have admin rights on the machines you scanned? (Just thinking
    if something else on your machine could have copied the bad file to the
    other machines.) Does the mstask.exe have a different date and size and
    such then what should be there? Can you zip and make available the
    mstask.exe somewhere?

    Also did you download NMAP from a particular mirror? Do you still have the
    installer that you downloaded? Can you verify the MD5 checksum on the file
    that it's not somehow modified?

    --
    Joshua Levitsky, MCSE, CISSP
    System Engineer
    http://www.foist.org/
    [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: Meritt James: "Re: Releasing patches is bad for security"