Vulnerability Development mailing list archives
Re: nmapwin Scan 10.10.10.* after you install it and start the service.
From: Fyodor <fyodor () insecure org>
Date: Sat, 27 Jul 2002 18:22:37 -0700
On Sat, Jul 27, 2002 at 09:37:06AM -0400, ADONIS SAWAN (vllmeqtd) wrote:
But after I installed and started the service I was pissed to see the scanner start scanning 10.10.10.* WITHOUT I tell it to do so.
I would be disturbed by that too. But in this case I am pretty sure it is a bug (really stupid default) and not anything malicious. I forwarded the Author (jens.vogt () bluewin ch) a report about this last week, and his response (appended) says that it will be fixed in the next version. I have also forwarded Jens your advisory so that he can respond to vuln-dev as appropriate. Note that NmapWin does seem to be a pretty good Nmap UI for Windows. It is currently a completely separate project, but it may become the "official" recommended Nmap Windows GUI. Of course, I'll be very careful that issues like this are resolved before moving in that direction.
I do not know yet if nmapwin creator do send the scan result out. I have to dis-assemble it when I have time (hopefully next week).
Note that the source and CVS tree are in sourceforge. You may wish to examine these before going through too much dissassembly trouble. Cheers, Fyodor http://www.insecure.org/ ----- Forwarded message from jens.vogt () bluewin ch ----- Date: Thu, 25 Jul 2002 23:46:47 +0000 X-Mailer: Bluewin WebMail / BlueMail X-Originating-IP: 172.21.1.216 From: jens.vogt () bluewin ch To: mscox () ti com Cc: "Fyodor" <fyodor () insecure org> Subject: RE: [mscox () ti com: nmapwin scheduled to scan 10.10.10.0/24 out of the box] Hi Michael... this is a bug.... It will be fixed in 1.2.13 ( which come out in the next days ). 1.2.13 will have a flag (called autostart) which will determine whether the scan should be started at the selected dates/times or not. If the check box is not selected, the scan has to be started manually (via the service page of nmapwin). Per default (after the installation, the flag will be set to 'false' -> no scan will be started at service start). Best regards Jens
-- Original Message -- Date: Mon, 22 Jul 2002 11:14:25 -0700 From: Fyodor <fyodor () insecure org> To: jens.vogt () bluewin ch Subject: [mscox () ti com: nmapwin scheduled to scan 10.10.10.0/24 out of
the
box] Just forwarding along a bug report that was accidently sent to the list rather than you. -F ----- Forwarded message from "Cox, Michael" <mscox () ti com> ----- Date: Mon, 22 Jul 2002 12:14:30 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) From: "Cox, Michael" <mscox () ti com> To: nmap-hackers () insecure org Subject: nmapwin scheduled to scan 10.10.10.0/24 out of the box FYI, if you are using nmapwin version 1.2.11 (I can't speak for other builds) it looks like it got built with the config set to automatically
scan
10.10.10.0/24 every day. This might cause some "issues" if your network
is
routing that space and you aren't supposed to be scanning it :-) Looks like someone posted this same issue to sourceforge on Friday: http://sourceforge.net/tracker/index.php?func=detail&aid=583950&group_id=536 39&atid=471057 ----- End forwarded message -----
Current thread:
- nmapwin Scan 10.10.10.* after you install it and start the service. ADONIS SAWAN (vllmeqtd) (Jul 27)
- Re: nmapwin Scan 10.10.10.* after you install it and start the service. Stan Bubrouski (Jul 27)
- Re: nmapwin Scan 10.10.10.* after you install it and start the service. Fyodor (Jul 27)