SATAN - Security Administrator's Tool for Analyzing Networks
>From: Paul D. Robertson [SMTP:proberts @
>Sent: Tuesday, February 04, 1997 9:57 PM
>To: Frank Willoughby
>Cc: winspace @
au; firewalls @
>Subject: Re: SATAN user group?
>On Tue, 4 Feb 1997, Frank Willoughby wrote:
>> o The software was/is out-dated (even when it was released). If you are
>> keeping your software current, then it is highly likely that your system
>> will contain patches for vulnerabilities that the SANTA tool would
>From what I've heard, the 3rd pre-release was very agressive, and like
>all tools, it needs to remain current.
>> because of problems in other areas, your system is vulnerable to being
>> taken over - in spite of a report from SANTA that your system is OK.
>> Use the right tool for the right job. SANTA tests (primarily) the
>> networking component, and it doesn't do that very well, IMHO.
>It's quite specifically targeted for networks.
>> o The SANTA tool performs a very small portion of the tests that ISS
>> and other vendors' products perform. If it doesn't test for attacks
>> such as SYN-flooding or the "Ping-of-death", then it can't tell you
>> if these will be a problem for you or not.
>It's very difficult to run a denial-of-service attack without denying
>service, don't you think? Most of us who claim it doesn't do enough are
>the same ones who would claim it did too much for the bad guys if it were
>released with a more agressive suite of tests.
>> o A "clean bill of health" from the SANTA tool give the sysadmin a false
>> sense of security about the security of his/her systems.
>If they don't know what it does, and doesn't do. This is true of *every*
>> o At best, the SANTA tool will tell the beginner sysadmin if they
>> have overlooked something basic, but beyond that, it is useless.
>It's extensible, and that's one of it's main features, if you don't grow
>it, then yes, it's not much more than a rubber stamp for a limited set of
>vulnerabilities, that's true of any analysis tool in a dynamic environment.
>> o Another nit is the choice of the name that was chosen. In one stroke,
>> DF & WV managed to alienate those who are offended by the name "SATAN".
>> The name SATAN signifies the epitome of evil. If the tool was intended
>> to be used for good rather than evil purposes, the choice of the name
>> was the worst one possible. I don't know the agenda behind the name,
>> but I am curious why they chose that particular name than any of a
>> multitude of other suitable names.
>If the name of a program is that bad to someone, then I'd respectfully
>suggest that they're in the wrong line of work. Given, if I recall
>correctly, Dan's naming of a program Fuck!, SATAN could even be
>considered a step up. :)
>> o Further, since the source code is available, any sysadmin can add
>> custom modules to the tool (OTOH, so can the hackers).
>With a C compiler, any sysadmin can write nice helpful programs. On the
>other hand, evil hackers can write mean and nasty programs. ?
>Paul D. Robertson "My statements in this message are personal opinions
net which may have no basis whatsoever in fact."