Bugtraq mailing list archives
Re: Time For New Security Package? (was Re: new iss stuff)
From: iceman () mbnet mb ca (Oliver Friedrichs)
Date: Wed, 11 May 1994 09:19:09 -0500 (CDT)
On Tue, 10 May 1994, Tom Fitzgerald wrote:
do, and COPS already has lots of useful name-recognition. Second, Gene Spafford mentioned that he had someone already working on something like this, so I'd be careful not to duplicate effort
Don't forget about SATAN (whenever it will be publicly released). From Appendix A of Dan Farmer and Wietse Venema's paper - _Improving the Security of Your Site by Breaking Into it_: Appendix A: SATAN (Security Analysis Tool for Auditing Networks) Originally conceived some years ago, SATAN is actually the prototype of a much larger and more comprehensive vision of a security tool. In its current incarnation, SATAN remotely probes and reports various bugs and weaknesses in network services and windowing systems, as well as detailing as much generally useful information as possible about the target(s). It then processes the data with a crude filter and what might be termed an expert system to generate the final security analysis. While not particularly fast, it is extremely modular and easy to modify. SATAN consists of several sub-programs, each of which is an executable file (perl, shell, compiled C binary, whatever) that tests a host for a given potential weakness. Adding further test programs is as simple as putting an executable into the main directory with the extension ".sat"; the driver program will automatically execute it. The driver generates "live" targets), and then executes each of the programs over each of the targets. A data filtering/interpreting program then analyzes the output, and lastly a reporting program digests everything into a more readable format. The entire package, including source code and documentation, will be made freely available to the public, via anonymous ftp and by posting it to one of the numerous source code groups on the Usenet. - Oliver
Current thread:
- new iss stuff Dan (May 09)
- <Possible follow-ups>
- Re: new iss stuff Adam Shostack (May 10)
- Re: new iss stuff Pat Myrto (May 10)
- Re: new iss stuff Mark (May 10)
- Re: new iss stuff Karl Strickland (May 10)
- Re: new iss stuff Steven C. Blair (May 10)
- Re: new iss stuff Pat Myrto (May 10)
- Time For New Security Package? (was Re: new iss stuff) David Bianco (May 10)
- Re: Time For New Security Package? (was Re: new iss stuff) Tom Fitzgerald (May 10)
- Re: Time For New Security Package? (was Re: new iss stuff) Oliver Friedrichs (May 11)
- ANNOUNCING THE [8LGM] FILESERVER & MAILING LIST INFO Karl Strickland (May 14)
- Re: Time For New Security Package? (was Re: new iss stuff) Gene Spafford (May 14)
- The ISS Program Paul Robinson (May 10)
- wolves and sheep on the inet Timothy Newsham (May 11)
- Re: wolves and sheep on the inet Gene Spafford (May 13)
- Re: wolves and sheep on the inet Steve Simmons (May 13)
- permissions Perry E. Metzger (May 16)
- Re: permissions Pat Myrto (May 16)
- Re: permissions Evil Pete (May 17)
- Re: permissions Pat Myrto (May 17)