SATAN (Security Administrator Tool for Analyzing Networks) is a hot topic on the Internet and in the popular media. Articles about SATAN have published in (among others):

  • InformationWeek
  • The San Francisco Cronicle
  • The San Jose Mercury News
  • The Seattle Times
  • The New York Times
  • The rationale for a creating SATAN is found in a paper posted in 1993 by the authors.

    The programs that make up SATAN are implemented with a hypertext front-end that provides the user interface and integrates the documentation for the program. If you have perl 5.000 on your system, and Mosaic or Netscape, you can have SATAN running in a matter of few minutes. An excellent review of SATAN was produced by CIAC as bulletin F-20.

    Part of the SATAN documentation is included here. (Note: some of the links may not work, since these HTML files were taken out of their normal context as part of SATAN. For full documentation, get/install your own copy of SATAN.)

  • SATAN Documentation
  • Learning to use SATAN - a Quick Tutorial
  • Vulnerabilities - a Tutorial
  • Frequently Asked Questions (SATAN FAQ)
  • Quotable quotes about SATAN
  • Some pretty interesting comments have started to show up on the Internet in newsgroups and email lists re: SATAN and its implications.

    These sources include:

    Where to get SATAN

    Links to obtain SATAN are being maintained by CERT-UU and have been posted on Usenet by one of the authors.

    What should I do about SATAN?

    For information on ways to improve security of your systems you should check the following resources:

  • CIAC bulletin F-20,
  • CIAC Notes, especially issues
  • CERT advisory CA-95:06
  • The SATAN documentation itself (especially the Vulnerabilities tutorial),
  • The Security Frequently Asked Questions file from ISS,
  • Notes from a talk on Unix System Security presented at a recent University of Washington Departmental Computer Support meeting,
  • Other suggestions from news groups/email lists include:

  • Setting "alarms" on systems that monitor TCP/IP ports
  • Trying to identify the signature of a SATAN (ISS/PingWare/tcp_probe) attack

  • since 3/22/96
    Dave Dittrich <>
    Last modified: Fri Mar 22 17:14:48 1996