OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 2nd quarter (Apr-Jun) 1995: Re: SATAN ATTACKS EVERYWHERE

Re: SATAN ATTACKS EVERYWHERE

Leo Bicknell (bicknellussenterprise.async.vt.edu)
Fri, 7 Apr 1995 12:41:13 -0400 (EDT)

> Hey, are we still here?? Looks like we survived the numerous attacks 
> from hordes of hackers armed with SATAN with the only desire
> to pillage and pilfer everyone's networks.  The Internet has survived
> another mega hype negative story!  

	While I'll agree it's hype, I'll disagree with your logic for
several reasons:

> 1. It is HUGE.  It eats up tons of disk and ram space.  When I tried to 
> load up SATAN's demo information on a 16 meg machine here, it crashed
> from not having enough RAM.  It requires 32 megs .  (And I thought
> Windows was a memory hog).  Like the administrator won't notice he only
> has 1 meg of ram left.

	All the CS undergrads here have an account on a machine with
more then enough resources (over 600 megs total RAM + Swap), and
almost all of our lab machines can run it no problem.  If they only
scanned a few machines and then removed it we probably would not
notice, save the fact we are using courtney to log such things.

> 2. It requires installing other packages like perl.  Most hackers aren't
> able to run anything unless it's a no brainer script.  "Gee the bad thing
> is we've been hacked and someone used SATAN, the good thing is that we
> got perl5 and a web browser installed." 

	Again, all of our machines have Perl 5 and Web browsers (5 I
think) installed for Administrative purposes/class use.  With the
tools there it is a no-brainer script.

> 3. Since you have to use a web browser, you have to either run SATAN from
> the console (umm, really stupid hacker scanning from his own machine) or
> redirect the X Display to his own machine (still really stupid).  Who knows,

	Lynx, a text browser, works great.  Plus, SATAN can be used
from the command line to scan, and then the resulting data files can
be downloaded to a local machine to view, if you're really crazy you
can look at the database yourself, it's all in ASCII, and not too hard
to read.

> Hey, I am glad that SATAN really isn't the ideal hacker tool, but I wanted
> to point out (contrary to News Media) that SATAN is not the tool that
> will shut down the Internet.

	I agree, within a week all the holes it checks for will be
fixed on almost every machine in existance.  My largest fear is since
it's so extendable that some people will add new modules that scan for
other things and make them so easy to add in all the lusers will pick
them up.

> On a side note,  I have released ISS 1.3 which is available on ftp.iss.net
> /pub/iss/iss13.tar.gz which includes many more checks than what SATAN
> has specified.  Also, it doesn't require installing any other outside packages,
> is in C, and doesn't require large amounts of ram nor disk space. 

*wanders off to ftp*