> Hey, are we still here?? Looks like we survived the numerous attacks > from hordes of hackers armed with SATAN with the only desire > to pillage and pilfer everyone's networks. The Internet has survived > another mega hype negative story! > > For some reason, I really can't see tons of hackers using SATAN for several > reasons: 0. SATAN was never designed to be a tool to exploit security problems on other sites. > 1. It is HUGE. It eats up tons of disk and ram space. When I tried to > load up SATAN's demo information on a 16 meg machine here, it crashed > from not having enough RAM. It requires 32 megs . (And I thought > Windows was a memory hog). Like the administrator won't notice he only > has 1 meg of ram left. I have never seen a "real" Unix system with 16 meg total memory (phys. memory and swap space). I'm not talking about your poor PC running linux or something like that... SATAN itself is not "HUGE". Maybe you are talking about an interactive session using an X11-htm-viewer and you are including perl5 into your count? The memory SATAN needs depends on the size of your network. If you have a network with several thousand computers you will have at least one with more than 16 meg total memory (including swap) and a free disk space of a few (lets say 50) megs - don't you? > 2. It requires installing other packages like perl. Most hackers aren't > able to run anything unless it's a no brainer script. "Gee the bad thing > is we've been hacked and someone used SATAN, the good thing is that we > got perl5 and a web browser installed." Perhaps you are talking about wannbe-hackers that are trying to break into other systems (crackers). Hackers (in the original term people with deep knowledge about computers) won't have problems installing perl... Every normal sys-admin is able to install perl - it's one of the easiest to install packages that are available. > 3. Since you have to use a web browser, you have to either run SATAN from > the console (umm, really stupid hacker scanning from his own machine) or > redirect the X Display to his own machine (still really stupid). Who knows, > I wouldn't be suprised if some hacker wanna-be does use SATAN. Maybe > CERT can tell us if they have seen a dramatic increase in breakins now > that SATAN is released? Have you ever tried to read the documentation? Ever used SATAN? Of course you can use satan as a shell-command to collect the data. There are also HTML-viewers that do not need X (like lynx) and work very well together with satan. > Hey, I am glad that SATAN really isn't the ideal hacker tool, but I wanted > to point out (contrary to News Media) that SATAN is not the tool that > will shut down the Internet. Hmm. My very personal opinion is that you not tried to be objective nor did you read the full documentation and understood the principles of SATAN. But now we are comming to the real reason of your posting: > On a side note, I have released ISS 1.3 which is available on ftp.iss.net > /pub/iss/iss13.tar.gz which includes many more checks than what SATAN > has specified. Also, it doesn't require installing any other > outside packages, is in C, and doesn't require large amounts of ram > nor disk space. > Ok. Let's check. 1. Includes more checks? This is not a problem. The main goal of the current release of SATAN was to bring out the package right now so it can't be stopped, to get feedback for bug-fixes and (later) add more tests. It would be interesting to see new versions of ISS as soon as new checks are being shipped with SATAN. So why haven't you released this iss version with more tests before? 2. Doesn't require installing other packages? Oh - nice. How will it work on my Solaris 2.x machine (out of the box) that has no C-compiler? SATAN also includes another very important part (missing in ISS): the "web of trust". By using this you can "get the whole picture" instead of highliting only single problems. This part isn't yet powerful enough but the authors are still working especially on this topic. Another point: You first said that satan is huge, requires additional packages, etc. and than said that your product is better in this categories. Also you said because of the disadvantages of SATAN in this points crackers won't use it. Later on you are advertising your tool... Who should use it? The crackers or the sysadmins? You completly ignored the very good documentation of SATAN! Also compare the data presentation of ISS and SATAN and the user interface... Also I don't think that Dan and Wietse are those guys who are thinking: first we release a small package for public use and than (after getting feedback and imporving the product) don't give the results of the feedback back to the community but instead sell the product as binary only for a very high price... Bye, Wolfgang Ley. -- ---------------------------------------------------------------------- Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany Email: ley@cert.dfn.de Phone: +49 40 54715-262 Fax: +49 40 54715-241 PGP-Key available via finger ley@concert.cert.dfn.de or any key-server