Security Incidents mailing list archives

Re: Nmap - 3.50 changes mstask.exe?


From: "Max" <security () webwizarddesign com>
Date: Fri, 27 Feb 2004 16:38:40 +0500

Huh? :)

Impossible for nmap to do this .. I guess someone could get the
nmap source and somehow alter it so it exploited some vulnerability in
Windows to do this, but that seems like a reaaaal long shot! :)

Where did you download nmap from?  What proof does he have that nmap
did this?  What was mstask.exe replaced by?  How does your boss think
nmap did this?  

<kidding>
Was it the evil, intrusive syn scan or the destructive OS fingerprinting that 
transferred mstask.exe from your computer to the machines in question? :):)
Or did nmap confuse the Windows TCP/IP stack enough that the stack itself
decided to copy another program over mstask.exe?!?! :) Ahah!
</kidding>

This seems like a mis-diagnosis having heard nothing but the couple of
sentences you wrote below :).

I have used nmap since version 2.54 and I have never heard of it doing
anything like what you describe .. it just isn't capable of that kind of
thing.

If you think you have a trojaned nmap executable, make sure you download
a version from http://www.insecure.org/nmap/ .. if the two are different
contact Fyodor (links on his site), but not unless you are absolutely 
convinced and have hard proof that you somehow downloaded a faked or 
modified version of nmap.  Sounds to me like your boss has jumped to
conclusions here.

Regards,
Max

On 27 Feb 2004 16:31:50 GMT, a55mnky () yahoo com wrote:
Not sure if this is the best list for this, but I am in a bit of a jam.

I just downloaded the new NMAP v. 3.50 and ran it on my internal network. My 
IT manager is freaking out.  He says my scan replaced mstask.exe on the
machines I scanned.

Anybody else seen this behavior?
