Re: Nmap - 3.50 changes mstask.exe?

From: Max (security_at_webwizarddesign.com)
Date: 02/27/04

  • Next message: Dan Drinnon: "Re: Nmap - 3.50 changes mstask.exe?"
    To: incidents@securityfocus.com
    Date: Fri, 27 Feb 2004 16:38:40 +0500
    
    

    Huh? :)

    Impossible for nmap to do this .. I guess someone could get the
    nmap source and somehow alter it so it exploited some vulnerability in
    Windows to do this, but that seems like a reaaaal long shot! :)

    Where did you download nmap from? What proof does he have that nmap
    did this? What was mstask.exe replaced by? How does your boss think
    nmap did this?

    <kidding>
    Was it the evil, intrusive syn scan or the destructive OS fingerprinting that
    transferred mstask.exe from your computer to the machines in question? :):)
    Or did nmap confuse the Windows TCP/IP stack enough that the stack itself
    decided to copy another program over mstask.exe?!?! :) Ahah!
    </kidding>

    This seems like a mis-diagnosis having heard nothing but the couple of
    sentences you wrote below :).

    I have used nmap since version 2.54 and I have never heard of it doing
    anything like what you describe .. it just isn't capable of that kind of
    thing.

    If you think you have a trojaned nmap executable, make sure you download
    a version from http://www.insecure.org/nmap/ .. if the two are different
    contact Fyodor (links on his site), but not unless you are absolutely
    convinced and have hard proof that you somehow downloaded a faked or
    modified version of nmap. Sounds to me like your boss has jumped to
    conclusions here.

    Regards,
    Max

    On 27 Feb 2004 16:31:50 GMT, a55mnky@yahoo.com wrote:
    > Not sure if this is the best list for this, but I am in a bit of a jam.
    >
    > I just downloaded the new NMAP v. 3.50 and ran it on my internal network. My
    > IT manager is freaking out. He says my scan replaced mstask.exe on the machi
    > nes I scanned.
    >
    > Anybody else seen this behavior?

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Dan Drinnon: "Re: Nmap - 3.50 changes mstask.exe?"