Summary: Satan-where to find it

From: Joe Dietz (jdietz@mis.uswest.com)
Date: Tue Mar 21 1995 - 08:21:55 CST


Original Question:
==================
Does anyone know where I can get a copy of Dan Farmer's Satan network security
program...

Is it even available yet...
==================
Summary:
==================
For all you "me2s"

Satan will be available on April 5, 1995. It would appear that there will be
many sites to ftp the program from....your favorite security site should
have a copy...thanks to all who replied...I liked the reply "Horse's
Mouth"--almost official :-)

Details:
==================
From: Brian Utterback <blu@mc.com>

It is not yet available. It is to be released on April 5th. The locations
are:

gatekeeper.dec.com:/pub/net/SATAN/
ftp.cs.ruu.nl:/pub/SECURITY
ftp.informatik.uni-kiel.de:/pub/sources/security/MIRROR.ftp.win.tue.nl
ftp.wi.leidenuniv.nl:/pub/security
ftp.kfki.hu:/pub/util/security/ftp.win.tue.nl
ftp.demon.co.uk:/pub/mirrors/satan
ftp.lerc.nasa.gov:/security/satan.tar.Z
ftp.win.tue.nl:/pub/security/satan.tar.Z

The last one is the home site.

==================

From: Jeb Weisman <weisman@pacificu.edu>

It is officially available on April 5th, but I know a beta tester now.
All the documentation is available by FTP at Wietse's site in the
Netherlands. If you'd like more info let me know.
==================
From: Torsten Metzner <tom@uni-paderborn.de>

here is an "old" mail from my archive to this subject.

------ Forwarded Article <3jna5h$1tu@anshar.shadow.net>
------ From cklaus@anshar.shadow.net (Christopher Klaus)

Newsgroups: comp.security.misc,alt.security,comp.security.unix
Path: uni-paderborn.de!news.rwth-aachen.de!news.rhrz.uni-bonn.de!news.uni-stuttgart.de!rz.uni-karlsruhe.de!xlink.net!howland.reston.ans.net!newsjunkie.ans.net!news.pipeline.com!news.cs.columbia.edu!news.columbia.edu!lamont!anshar.shadow.net!nobody
From: cklaus@anshar.shadow.net (Christopher Klaus)
Subject: Re: what SATAN is
Message-ID: <3jna5h$1tu@anshar.shadow.net>
Lines: 94
Sender: news@lamont.ldgo.columbia.edu (USENET News System)
Organization: Shadow Information Services, Inc.
X-Newsreader: TIN [version 1.2 PL2]
References: <3j4e4s$5dl@wzv.win.tue.nl>
Date: Thu, 9 Mar 1995 16:25:21 GMT
Xref: uni-paderborn.de comp.security.misc:15522 alt.security:21194 comp.security.unix:13317

There shouldn't be any controversy about Satan. There's another tool
called Internet Security Scanner (ISS) 1.21 that has been on the Internet
for two years now that scans for vulnerabilities and allows administrators
to take corrective measures.

Earlier versions of Satan have been available to the computer underground
for awhile now. Someone posted on alt.2600 that
ftp.netcom.com:/pub/da/daemon9/BinTools/satan.tar.z had a copy that was
rather old, but it did contain some scans of Sun.Com.

ISS is available on aql.gatech.edu:/pub/security/iss

Wietse Venema (wietse@wzv.win.tue.nl) wrote:
: There seems to be considerable confusion about what SATAN is and what
: the impact of its release will be.

: SATAN was written because we realized that computer systems are
: becoming more and more dependent on the network, and at the same time
: becoming more and more vulnerable to attack via that same network.

: The rationale for creating SATAN can be found in a paper that we posted
: as long ago as December 1993. This paper can be found on ftp.win.tue.nl
: as /pub/security/admin-guide-to-cracking.101.Z (flat text, compressed
: with the UNIX compress command).

: SATAN is a tool to help systems administrators to keep a large class of
: intruders out. Keeping out the real Mitnicks is hard enough even for
: real security experts.

: SATAN collects information that is available to everyone with access
: to the network. With a properly-configured firewall in place, that
: should be zero information for external users.

: SATAN performs scans at various levels.

: - At the light level, SATAN queries the host and establishes the
: general character of a system: is it a file server, a diskless
: workstation?

: - At the intermediate level, SATAN recognizes the system type (ex: SUN
: SGI DEC IBM HP), and well-known network services that the system offers
: to the network (ex: remote login, anonymous FTP, WWW, Gopher, email).

: - At the advanced level, SATAN interrogates the host to find out if
: critical access controls are missing or defective. This is probably the
: most controversial part. We take a conservative approach. SATAN
: collects information without actually exploiting problems it finds.

: - The fourth level, breaking into systems, has not been implemented.

: We stress again that SATAN collects information that is available to
: everyone with access to the network, though all that scanning and
: probing will raise alarms when sites pay at least minimal attention to
: what happens on their network.

: For each type of problem found, SATAN offers a tutorial that explains
: the problem and what its impact could be. The tutorial also explains
: what can be done about the problem: correct an error in a configuration
: file, install a bugfix from the vendor, use other means to restrict
: access, or simply disable service.

: We have done some limited research with SATAN. Our finding is that on
: networks with more than a few dozen systems, SATAN will inevitably find
: problems. Here's the current problem list:

: NFS file systems exported to unprivileged programs
: NFS file systems exported to arbitrary hosts
: NFS file systems exported via the portmapper
: NIS password file access from arbitrary hosts
: REXD access from arbitrary hosts
: arbitrary files accessible via TFTP
: remote shell access from arbitrary hosts
: X server access control disabled
: writable anonymous FTP home directory

: These are well-known problems. They have been subject of CERT and/or
: CIAC advisories, or are described extensively in practical security
: handbooks. These problems also have been exploited by the intruder
: community for a long time.

: We realize that SATAN is a two-edged sword - like many tools, it can be
: used for good and for evil purposes. We also realize that intruders
: (including wannabees) have much more capable (read intrusive) tools
: than offered with SATAN. We have those tools, too, but giving them
: away to the world at large is not the goal of the SATAN project.

: Wietse

-- 
Christopher William Klaus       Voice: (404)441-2531. Fax: (404)441-2431
Internet Security Systems, Inc.         Computer Security Consulting
2000 Miller Court West, Norcross, GA 30071

------ End of Forwarded Article
=================

From: Nino Margetic <nino@flemming.well.ox.ac.uk>

Nowhere for the moment. The general public release is scheduled for
mid-April or thereabouts... Send mail to majordomo@wzv.win.tue.nl with
the body containing

get satan release-plan
=================

From: Phyllis.Bahue@ebay.sun.com (Phyllis Bahue)

> Here's the release schedule for the SATAN (Security Administrator Tool
> for Analyzing Networks) tool. Below is a summary of what it is about.
>
> February 24
> alpha release to selected expert sites
>
> March 15, 16:00 MET
> beta release to selected major sites
> documentation release to the public
> ftp.win.tue.nl:/pub/security/satan_doc.tar.Z
>
> April 5, 16:00 MET
> first release to the public.
> ftp.win.tue.nl:/pub/security/satan.tar.Z
>
> Mirror site offers are welcome.
>
> Wietse Venema / Dan Farmer
>
> SATAN was written because we realized that computer systems are
> becoming more and more dependent on the network, and at the same time
> becoming more and more vulnerable to attack via that same network.
>
> The rationale for SATAN is given in a paper posted in December 1993
> (ftp.win.tue.nl:/pub/security/admin-guide-to-cracking.101.Z, flat text
> compressed with the UNIX compress command).
>
> SATAN is a tool to help systems administrators. It recognizes several
> common networking-related security problems, and reports the problems
> without actually exploiting them.
>
> For each type of problem found, SATAN offers a tutorial that explains
> the problem and what its impact could be. The tutorial also explains
> what can be done about the problem: correct an error in a configuration
> file, install a bugfix from the vendor, use other means to restrict
> access, or simply disable service.
>
> SATAN collects information that is available to everyone with access
> to the network. With a properly-configured firewall in place, that
> should be near-zero information for outsiders.
>
> We have done some limited research with SATAN. Our finding is that on
> networks with more than a few dozen systems, SATAN will inevitably find
> problems. Here's the current problem list:
>
> NFS file systems exported to arbitrary hosts
> NFS file systems exported to unprivileged programs
> NFS file systems exported via the portmapper
> NIS password file access from arbitrary hosts
> Old (i.e. before 8.6.10) sendmail versions
> REXD access from arbitrary hosts
> X server access control disabled
> arbitrary files accessible via TFTP
> remote shell access from arbitrary hosts
> writable anonymous FTP home directory
>
> These are well-known problems. They have been subject of CERT, CIAC, or
> other advisories, or are described extensively in practical security
> handbooks. The problems have been exploited by the intruder community
> for a long time.
>
> We realize that SATAN is a two-edged sword - like many tools, it can be
> used for good and for evil purposes. We also realize that intruders
> (including wannabees) have much more capable (read intrusive) tools
> than offered with SATAN. We have those tools, too, but giving them
> away to the world at large is not the goal of the SATAN project.

==================
From: anthony baxter <anthony.baxter@aaii.oz.au>

April 5th. ftp.win.tue.nl:/pub/security

Docs are available from several sites
(cert.org, ftp.win.tue.nl)

==================
From: "Susan M. Menig" <ddq251f@shoes.bell-atl.com>

If you want info on SATAN, follow these instructions as posted by Wietse Venema to the comp.security.unix newsgroup:

>>Send mail to majordomo@wzv.win.tue.nl, with as body (not subject):
>>
>> get satan release-plan
>> get satan description
>> get satan admin-guide-to-cracking.101
>>
>>These will get you the release plan, a brief description, and the
>>December 1993 article titled "Improving the Security of Your Site by
>>Breaking Into it", which gives the rationale for creating SATAN.
>>
>>You may send multiple requests in one message.
>>
>> Wietse
================

From: Reto Lichtensteiger <rali@hri.com>

"Horse's mouth ..."

: This is from the co-author of SATAN
: -----------------------------------
: From the desktop of Wietse Venema
:
: Here's the release schedule for the SATAN (Security Administrator Tool
: for Analyzing Networks) tool. Below is a summary of what it is about.
:
: February 24
: alpha release to selected expert sites
:
: March 15, 16:00 MET
: beta release to selected major sites
: documentation release to the public
: ftp.win.tue.nl:/pub/security/satan_doc.tar.Z
:
: April 5, 16:00 MET
: first release to the public.
: ftp.win.tue.nl:/pub/security/satan.tar.Z
:
: Mirror site offers are welcome.
:
: Wietse Venema / Dan Farmer
:
: SATAN was written because we realized that computer systems are
: becoming more and more dependent on the network, and at the same time
: becoming more and more vulnerable to attack via that same network.
:
: The rationale for SATAN is given in a paper posted in December 1993
: (ftp.win.tue.nl:/pub/security/admin-guide-to-cracking.101.Z, flat text
: compressed with the UNIX compress command).
:
: SATAN is a tool to help systems administrators. It recognizes several
: common networking-related security problems, and reports the problems
: without actually exploiting them.
:
: For each type of problem found, SATAN offers a tutorial that explains
: the problem and what its impact could be. The tutorial also explains
: what can be done about the problem: correct an error in a configuration
: file, install a bugfix from the vendor, use other means to restrict
: access, or simply disable service.
:
: SATAN collects information that is available to everyone with access
: to the network. With a properly-configured firewall in place, that
: should be near-zero information for outsiders.
:
: We have done some limited research with SATAN. Our finding is that on
: networks with more than a few dozen systems, SATAN will inevitably find
: problems. Here's the current problem list:
:
: NFS file systems exported to arbitrary hosts
: NFS file systems exported to unprivileged programs
: NFS file systems exported via the portmapper
: NIS password file access from arbitrary hosts
: Old (i.e. before 8.6.10) sendmail versions
: REXD access from arbitrary hosts
: X server access control disabled
: arbitrary files accessible via TFTP
: remote shell access from arbitrary hosts
: writable anonymous FTP home directory
:
: These are well-known problems. They have been subject of CERT, CIAC, or
: other advisories, or are described extensively in practical security
: handbooks. The problems have been exploited by the intruder community
: for a long time.
:
: We realize that SATAN is a two-edged sword - like many tools, it can be
: used for good and for evil purposes. We also realize that intruders
: (including wannabees) have much more capable (read intrusive) tools
: than offered with SATAN. We have those tools, too, but giving them
: away to the world at large is not the goal of the SATAN project.
=================
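
Added example, not part of the original thread and not code from SATAN: a local, file-based audit for four items on the problem list quoted above (NFS exports to arbitrary hosts, remote shell access from arbitrary hosts, REXD, unrestricted TFTP). It assumes SunOS 4-style syntax for /etc/exports, /etc/hosts.equiv and /etc/inetd.conf; the function names and all sample file contents are constructed for illustration.

```python
# Added example: local audit for four items from the quoted problem list.
# Assumes SunOS 4-style file syntax. All file contents below are constructed.

def active_lines(text):
    """Yield non-blank lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def audit_exports(text):
    """Flag exports with no -access= list: any host may mount them."""
    findings = []
    for line in active_lines(text):
        path, *opts = line.split()
        if not any("access=" in o for o in opts):
            findings.append(f"NFS: {path} exported to arbitrary hosts")
    return findings

def audit_hosts_equiv(text):
    """Flag a leading '+' entry: it trusts every remote host for rsh/rlogin."""
    return ["rsh: hosts.equiv trusts arbitrary hosts"
            for line in active_lines(text) if line.split()[0] == "+"]

def audit_inetd(text):
    """Flag an enabled rexd entry and a tftp daemon started without -s."""
    findings = []
    for line in active_lines(text):
        fields = line.split()
        service, args = fields[0], fields[6:]
        if service.startswith("rexd"):
            findings.append("REXD: service enabled")
        if service == "tftp" and "-s" not in args:
            findings.append("TFTP: daemon not restricted with -s")
    return findings

EXPORTS = "/export/home -access=client1:client2\n/usr/local\n"
HOSTS_EQUIV = "trusted.example.com\n+\n"
INETD = (
    "tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd\n"
    "#rexd/1 stream rpc/tcp wait root /usr/etc/rpc.rexd rpc.rexd\n"
    "ftp stream tcp nowait root /usr/etc/in.ftpd in.ftpd\n"
)

def audit_all():
    return audit_exports(EXPORTS) + audit_hosts_equiv(HOSTS_EQUIV) + audit_inetd(INETD)

if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

The commented-out rexd line in the sample is correctly ignored; only services inetd would actually start are reported.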



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:19 CDT