John Admas wrote:
>Well, Current packages such as COPS and ISS provide the same sort of
>high-profile distribution and display of these threats. Even TAMU's tiger
>package does a better job than ISS and COPS, and gives you an incredibly
>detailed report.
Not quite the same high profile. SATAN made the front page of the
San Jose Mercury News last week. I think we've entered a new era of
media exposure, and SATAN may make a bigger splash than we'd like to
see.
>I can't say much for the validity or function of satan, as noone I know of
>has seen the package, but I can say that similiar tools exist, and that
>being as full source code is available for all 3 packages (iss,cops,tiger)
>You can easily find out how the packages detect the holes, as well as what
>you need to do to exploit them.
Yes, those are good sources. Dan Farmer and Wietse Venema's paper
"Improving Your Site's Security by Breaking Into it" would seem to be
a good source of information regarding SATAN's approach to the
problem. One place it is available is
"http://www.ugcs.caltech.edu/~werdna/agtc.html";.
One person who has allegedly seen the package is Keven Mitnick. He
probably won't be using it for a while, let us hope.
--
Howard Owen, System Administrator internet: hbo @
octel .
com
Octel Communications Corporation I am not a pay TV service!
1001 Murphy Ranch Rd. Mail Stop C2-1N I've had the initials longer.
Milpitas CA 95035-7912 Tel. 408-324-6576 /////////////////////////////
References:
-
Re: satan
From: John Adams <jna @
concorde .
com>
|
|
