FW: Nmap - 3.50 changes mstask.exe?

["Dr0idb0y" <dr0idb0y () comcast net>]

Seems you have at least two issues here.  First, a manager who is looking to
blame you for this incident.  I'm always amazed at what nmap scanning gets
blamed for. It's easy enough to solve this though.  Set up two machines in
isolation, and use your version of nmap to scan it.  Voila!  Either mstask
changed or it didn't. It might be a good idea to set up a sniffer as well,
to really prove the point.  Make sure your manager is present when this
happens.

Second, you need to find out what actually did change mstask (assuming it
did actually change).  Might be a little tougher.  How many trojans/rootkits
/virii and patches do this?

Good luck!

-----Original Message-----
From: a55mnky () yahoo com [mailto:a55mnky () yahoo com]
Sent: Friday, February 27, 2004 8:32 AM
To: incidents () securityfocus com
Subject: Nmap - 3.50 changes mstask.exe?




Not sure if this is the best list for this, but I am in a bit of a jam.

I just downloaded the new NMAP v. 3.50 and ran it on my internal network. My
IT manager is freaking out.  He says my scan replaced mstask.exe on the
machines I scanned.

Anybody else seen this behavior?

---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------