Re: Nmap - 3.50 changes mstask.exe?

From: Max (security_at_webwizarddesign.com)
Date: 02/27/04

  • Next message: Dan Drinnon: "Re: Nmap - 3.50 changes mstask.exe?" 
    To: incidents@securityfocus.com
Date: Fri, 27 Feb 2004 16:38:40 +0500

    Huh? :)

    Impossible for nmap to do this .. I guess someone could get the
    nmap source and somehow alter it so it exploited some vulnerability in
    Windows to do this, but that seems like a reaaaal long shot! :)

    Where did you download nmap from? What proof does he have that nmap
    did this? What was mstask.exe replaced by? How does your boss think
    nmap did this?

    <kidding>
    Was it the evil, intrusive syn scan or the destructive OS fingerprinting that
    transferred mstask.exe from your computer to the machines in question? :):)
    Or did nmap confuse the Windows TCP/IP stack enough that the stack itself
    decided to copy another program over mstask.exe?!?! :) Ahah!
    </kidding>

    This seems like a mis-diagnosis having heard nothing but the couple of
    sentences you wrote below :).

    I have used nmap since version 2.54 and I have never heard of it doing
    anything like what you describe .. it just isn't capable of that kind of
    thing.

    If you think you have a trojaned nmap executable, make sure you download
    a version from http://www.insecure.org/nmap/ .. if the two are different
    contact Fyodor (links on his site), but not unless you are absolutely
    convinced and have hard proof that you somehow downloaded a faked or
    modified version of nmap. Sounds to me like your boss has jumped to
    conclusions here.

    Regards,
    Max

    On 27 Feb 2004 16:31:50 GMT, a55mnky@yahoo.com wrote:
    > Not sure if this is the best list for this, but I am in a bit of a jam.
    >
    > I just downloaded the new NMAP v. 3.50 and ran it on my internal network. My
    > IT manager is freaking out. He says my scan replaced mstask.exe on the machi
    > nes I scanned.
    >
    > Anybody else seen this behavior?

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Dan Drinnon: "Re: Nmap - 3.50 changes mstask.exe?"

    Relevant Pages

    • Fwd: Nmap/Mysql
      ... I'm doing it with python scripts, as a small project to help me learn ... python as well as learn more about nmap. ... Download FREE whitepaper on how a managed service can ...
      (Pen-Test)
    • RE: [SLE] Is Nmap broken on 9.0?
      ... i use nmap on a daily basis, ... download the source for 3.48 and compile myself... ...
      (SuSE)
    • Re: Nmap - 3.50 changes mstask.exe?
      ... Impossible for nmap to do this .. ... nmap source and somehow alter it so it exploited some vulnerability in ... Or did nmap confuse the Windows TCP/IP stack enough that the stack itself ... If you think you have a trojaned nmap executable, make sure you download ...
      (Incidents)
    • Re: Problem with NMap Scans
      ... Then how the other tools were able to complete those scans in less time, even though the strategy that is being used by nmap is different ... But in recent times when I scanned some systems it was showing nearly 8.00 hrs for SYN Scan and 19.00 hrs for UDP Scan to complete. ... buy it or download a solution FREE today! ...
      (Pen-Test)
    • Re: Nmap - 3.50 changes mstask.exe?
      ... > I just downloaded the new NMAP v. 3.50 and ran it on my internal network. ... > My IT manager is freaking out. ... your machine have admin rights on the machines you scanned? ... Also did you download NMAP from a particular mirror? ...
      (Incidents)