From: Christopher Klaus To: firewalls@GreatCircle.COM, bugtraq@fc.net Subject: SATAN ATTACKS EVERYWHERE Date: Fri, 07 Apr 1995 11:04:12 +1534 Hey, are we still here?? Looks like we survived the numerous attacks from hordes of hackers armed with SATAN with the only desire to pillage and pilfer everyone's networks. The Internet has survived another mega hype negative story! For some reason, I really can't see tons of hackers using SATAN for several reasons: 1. It is HUGE. It eats up tons of disk and ram space. When I tried to load up SATAN's demo information on a 16 meg machine here, it crashed from not having enough RAM. It requires 32 megs . (And I thought Windows was a memory hog). Like the administrator won't notice he only has 1 meg of ram left. 2. It requires installing other packages like perl. Most hackers aren't able to run anything unless it's a no brainer script. "Gee the bad thing is we've been hacked and someone used SATAN, the good thing is that we got perl5 and a web browser installed." 3. Since you have to use a web browser, you have to either run SATAN from the console (umm, really stupid hacker scanning from his own machine) or redirect the X Display to his own machine (still really stupid). Who knows, I wouldn't be suprised if some hacker wanna-be does use SATAN. Maybe CERT can tell us if they have seen a dramatic increase in breakins now that SATAN is released? Hey, I am glad that SATAN really isn't the ideal hacker tool, but I wanted to point out (contrary to News Media) that SATAN is not the tool that will shut down the Internet. On a side note, I have released ISS 1.3 which is available on ftp.iss.net /pub/iss/iss13.tar.gz which includes many more checks than what SATAN has specified. Also, it doesn't require installing any other outside packages, is in C, and doesn't require large amounts of ram nor disk space. Here are other sites that have volunteered to mirror ISS 1.3 ftp.denet.dk /pub/security/tools/iss/ ftp.barrnet.net /security/tools/iss ftp://ftp.csc.ncsu.edu/pub/security/iss/iss13.tar.gz ftp://cch-lis.com/pub/firewall/iss ftp.ci.uminho.pt /pub/security/iss owens.ridgecrest.ca.us/users1/ftp/pub/unix/iss13.tar.gz ftp://ftp.net.ohio-state.edu/pub/security/iss (Has ISS Security FAQes as well) ftp.interaccess.com ftp.msri.org ftp.gbnet.net /pub/security/iss Cheers, Christopher -- Christopher William Klaus Voice: (404)441-2531. Fax: (404)441-2431 Internet Security Systems, Inc. Computer Security Consulting 2000 Miller Court West, Norcross, GA 30071 ========================< http://iss.net/~iss >=========================