Security Incidents mailing list archives
Re: Nmap - 3.50 changes mstask.exe?
From: "Max" <security () webwizarddesign com>
Date: Fri, 27 Feb 2004 16:38:40 +0500
Huh? :) Impossible for nmap to do this .. I guess someone could get the nmap source and somehow alter it so it exploited some vulnerability in Windows to do this, but that seems like a reaaaal long shot! :) Where did you download nmap from? What proof does he have that nmap did this? What was mstask.exe replaced by? How does your boss think nmap did this? <kidding> Was it the evil, intrusive syn scan or the destructive OS fingerprinting that transferred mstask.exe from your computer to the machines in question? :):) Or did nmap confuse the Windows TCP/IP stack enough that the stack itself decided to copy another program over mstask.exe?!?! :) Ahah! </kidding> This seems like a mis-diagnosis having heard nothing but the couple of sentences you wrote below :). I have used nmap since version 2.54 and I have never heard of it doing anything like what you describe .. it just isn't capable of that kind of thing. If you think you have a trojaned nmap executable, make sure you download a version from http://www.insecure.org/nmap/ .. if the two are different contact Fyodor (links on his site), but not unless you are absolutely convinced and have hard proof that you somehow downloaded a faked or modified version of nmap. Sounds to me like your boss has jumped to conclusions here. Regards, Max On 27 Feb 2004 16:31:50 GMT, a55mnky () yahoo com wrote:
Not sure if this is the best list for this, but I am in a bit of a jam. I just downloaded the new NMAP v. 3.50 and ran it on my internal network. My IT manager is freaking out. He says my scan replaced mstask.exe on the machi nes I scanned. Anybody else seen this behavior?
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Nmap - 3.50 changes mstask.exe? a55mnky (Feb 27)
- RE: Nmap - 3.50 changes mstask.exe? Jerry Shenk (Feb 27)
- Re: Nmap - 3.50 changes mstask.exe? aeonflux (Feb 27)
- Re: Nmap - 3.50 changes mstask.exe? Joshua Levitsky (Feb 27)
- Re: Nmap - 3.50 changes mstask.exe? Dan Drinnon (Feb 27)
- Re: Nmap - 3.50 changes mstask.exe? Jeremiah Cornelius (Feb 27)
- Re: Nmap - 3.50 changes mstask.exe? Nick FitzGerald (Feb 27)
- Re: Nmap - 3.50 changes mstask.exe? edelweiss (Feb 29)
- <Possible follow-ups>
- RE: Nmap - 3.50 changes mstask.exe? Rob Keown (Feb 27)
- Re: Nmap - 3.50 changes mstask.exe? Max (Feb 27)
- Re: Nmap - 3.50 changes mstask.exe? Max (Feb 27)
- RE: Nmap - 3.50 changes mstask.exe? Flowers, Katie (Feb 27)
- RE: Nmap - 3.50 changes mstask.exe? Jeremy Junginger (Feb 27)
- RE: Nmap - 3.50 changes mstask.exe? Jim Harrison (ISA) (Feb 27)
- FW: Nmap - 3.50 changes mstask.exe? Dr0idb0y (Feb 27)
- RE: Nmap - 3.50 changes mstask.exe? Ben . Vaughn (Feb 27)
- RE: Nmap - 3.50 changes mstask.exe? David LeBlanc (Feb 29)