Date: Tue, 18 Jun 1996 07:57:46 -0700 (PDT)
From: Michael Dillon <michael@memra.com>
Subject: SATAN pre-delivery questionnaire (fwd)

Recently on an ISP mailing list, the following exchange occurred...

IRVAN: Where can I gots SATAN?

CARL: Please fill out the following SATAN pre-delivery questionnaire
      in order for us to configure a copy of SATAN to your needs..
      blah, blah, blah,

A questionnaire spoof followed including things like an OS checkoff
list that offered choices like "Windows 95 for SPARC Alpha SunOS".
Then the following reply came back from IRVAN. The only thing I have
done is throw away the headers and change the root password. That's
right, I said *CHANGE* the root password that was given in the
message....


   Dear, Mr. Carl

   SATAN pre-delivery questionnaire.

   1. My domain name : mega.net.id  (202.149.251.40)
   2. IP. addresses : 202.149.251.83
   3. Root password : 33mgirvan
   4. My level : c (a trade school or college grad that wants the
      full-featured service pack).
   5. My name : IRVAN NASRUN
   6. My security number : I don' t have security number, because in
      my contry none security number.
   7. Visa number : I don't have, because I am student. I am student in
      "Institut Teknologi Sepuluh November Surabaya, Indonesia".
   8. My operating system : MS-DOS, and Windows 3.1.
   Thank's

From: Michael Dillon <michael@memra.com>
Subject: Re: SATAN pre-delivery questionnaire (fwd)

On Tue, 18 Jun 1996, Michel Lavondes wrote:

> > is throw away the headers and change the root password. That's
> > right, I said *CHANGE* the root password that was given in the
> > message....
> Did you try it ? ;-)

No, I'm not that nasty. But the guy who posted the spoof questionaire
said he felt like he had just shot a burglar in his livingroom
(perfectly legal in the USA) but now he has a big bloodstain in his
carpet...

As long as there are fallible humans in great numbers administering
network security, firewalls are only the beginning...

I think that this will evolve to a point where most companies
outsource their network security including firewall management, just
like most companies now outsource security services rather than hiring
their own security guards. Of course, larger corporations will tend to
do both of these things in house.

Michael Dillon                                   ISP & Internet Consulting
Memra Software Inc.                                 Fax: +1-604-546-3049
http://www.memra.com                             E-mail: michael@memra.com

[Next]


Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Wed Jun 19 09:17:02 1996