SATAN

SATAN (Security Administrator Tool for Analyzing Networks) is a hot topic on the Internet and in the popular media. Articles about SATAN have published in (among others):

InformationWeek

April 3, 1995, "Cure or Curse: Ready or not, the Satan security tool is coming April 5th" (cover story)

The San Francisco Cronicle

Wednesday, March 22, "Giveaway Costs Internet Expert His Job"

The San Jose Mercury News

Wednesday, March 22, "Controversial Satan costs inventor job"

The Seattle Times

Friday, March 17, page E1, "Soon-to-be-released Satan software may wreak havoc on networks"

The New York Times

Wednesday, March 22, page C4, "Dismissal of Security Expert Adds Fuel to Internet Debate"
Sunday, March 12, 1995, page F11, "Software That Pits Alarmists Against Devil's Advocates"

The rationale for a creating SATAN is found in a paper posted in 1993 by the authors.

The programs that make up SATAN are implemented with a hypertext front-end that provides the user interface and integrates the documentation for the program. If you have perl 5.000 on your system, and Mosaic or Netscape, you can have SATAN running in a matter of few minutes. An excellent review of SATAN was produced by CIAC as bulletin F-20.

Part of the SATAN documentation is included here. (Note: some of the links may not work, since these HTML files were taken out of their normal context as part of SATAN. For full documentation, get/install your own copy of SATAN.)

SATAN Documentation

Learning to use SATAN - a Quick Tutorial

Vulnerabilities - a Tutorial

Frequently Asked Questions (SATAN FAQ)

Quotable quotes about SATAN

Some pretty interesting comments have started to show up on the Internet in newsgroups and email lists re: SATAN and its implications.

These sources include:

the bugtraq mailing list
the Intrusion Detection Systems (ids) mailing list
the firewalls mailing list
the alt.security Usenet news group
the comp.security.misc Usenet news group

Where to get SATAN

Links to obtain SATAN are being maintained by CERT-UU and have been posted on Usenet by one of the authors.

What should I do about SATAN?

For information on ways to improve security of your systems you should check the following resources:

CIAC bulletin F-20,

CIAC Notes, especially issues

CERT advisory CA-95:06

The SATAN documentation itself (especially the Vulnerabilities tutorial),

The Security Frequently Asked Questions file from ISS,

Notes from a talk on Unix System Security presented at a recent University of Washington Departmental Computer Support meeting,

Other suggestions from news groups/email lists include:

Setting "alarms" on systems that monitor TCP/IP ports

Trying to identify the signature of a SATAN (ISS/PingWare/tcp_probe) attack

since 3/22/96

Dave Dittrich <dittrich@cac.washington.edu>

Last modified: Fri Mar 22 17:14:48 1996