Bugtraq mailing list archives

SATAN ATTACKS EVERYWHERE

From: cklaus () iss net (Christopher Klaus)
Date: Fri, 7 Apr 1995 11:04:12 +1494730 (PDT)


Hey, are we still here?? Looks like we survived the numerous attacks 
from hordes of hackers armed with SATAN with the only desire
to pillage and pilfer everyone's networks.  The Internet has survived
another mega hype negative story!  

For some reason, I really can't see tons of hackers using SATAN for several
reasons:

1. It is HUGE.  It eats up tons of disk and ram space.  When I tried to 
load up SATAN's demo information on a 16 meg machine here, it crashed
from not having enough RAM.  It requires 32 megs .  (And I thought
Windows was a memory hog).  Like the administrator won't notice he only
has 1 meg of ram left.

2. It requires installing other packages like perl.  Most hackers aren't
able to run anything unless it's a no brainer script.  "Gee the bad thing
is we've been hacked and someone used SATAN, the good thing is that we
got perl5 and a web browser installed." 

3. Since you have to use a web browser, you have to either run SATAN from
the console (umm, really stupid hacker scanning from his own machine) or
redirect the X Display to his own machine (still really stupid).  Who knows,
I wouldn't be suprised if some hacker wanna-be does use SATAN.  Maybe
CERT can tell us if they have seen a dramatic increase in breakins now
that SATAN is released?

Hey, I am glad that SATAN really isn't the ideal hacker tool, but I wanted
to point out (contrary to News Media) that SATAN is not the tool that
will shut down the Internet.

On a side note,  I have released ISS 1.3 which is available on ftp.iss.net
/pub/iss/iss13.tar.gz which includes many more checks than what SATAN
has specified.  Also, it doesn't require installing any other outside packages,
is in C, and doesn't require large amounts of ram nor disk space. 

Here are other sites that have volunteered to mirror ISS 1.3

ftp.denet.dk /pub/security/tools/iss/
ftp.barrnet.net /security/tools/iss
ftp://ftp.csc.ncsu.edu/pub/security/iss/iss13.tar.gz
ftp://cch-lis.com/pub/firewall/iss
ftp.ci.uminho.pt /pub/security/iss
owens.ridgecrest.ca.us/users1/ftp/pub/unix/iss13.tar.gz
ftp://ftp.net.ohio-state.edu/pub/security/iss (Has ISS Security FAQes as well)
ftp.interaccess.com
ftp.msri.org
ftp.gbnet.net /pub/security/iss

Cheers,
Christopher

-- 
Christopher William Klaus       Voice: (404)441-2531. Fax: (404)441-2431
Internet Security Systems, Inc.         Computer Security Consulting
2000 Miller Court West, Norcross, GA 30071
========================< http://iss.net/~iss >=========================

Current thread:

Linux/SATAN Adam Machanic (Oct 21)
- Re: Linux/SATAN Michael Galante (Apr 06)
  - Re: Linux/SATAN Josh Wilmes (Oct 30)
  - SATAN ATTACKS EVERYWHERE Christopher Klaus (Jul 23)
    - Re: SATAN ATTACKS EVERYWHERE Leo Bicknell (Apr 07)
    - Problem with SATAN/VMS David R. Sears (Apr 07)
    - Re: Problem with SATAN/VMS Andreas Siegert (Apr 07)
    - Re: Problem with SATAN/VMS Timothy Newsham (Apr 08)
    - All.Net's security testing service Baltzer, Craig (Apr 07)
    - Re[2]: Technical Observations on SATAN: Issue: VMS and TCP/I Nayfield, Rod (Apr 07)
    - Re: SATAN ATTACKS EVERYWHERE Wolfgang Ley (Apr 09)
    - Re: SATAN ATTACKS EVERYWHERE Christopher Klaus (Jul 25)
- Shadowed PW file under Linux lenex (Apr 06)
  - Re: Shadowed PW file under Linux Cenon B.C. Marana Jr. (Apr 07)

(Thread continues...)