Great Circle Associates Firewalls
(March 1995)
 


Subject: Re: SATAN
From: fc @ all . net (Dr. Frederick B. Cohen)
Date: Wed, 22 Mar 1995 20:21:42 -0500 (EST)
To: firewalls @ GreatCircle . COM
In-reply-to: <Pine . SUN . 3 . 91 . 950322191900 . 20693E-100000 @ little-miami . iac . net> from "Carl Jolley" at Mar 22, 95 07:44:46 pm

> > > Dr. Frederick B. Cohen wrote:
> > > > 
> > > > The real question is whether the good guys will get the release before
> > > > the bad guys and how you tell them apart.

This was a rhetorical question - and although it may be an interesting one,
I certainly didn't intend it to generate 10 replies at each of 4 levels of
depth!  But since it caused such a stir, I'll answer it for you.

	I'm a good guy and the rest of you are highly suspect.

Except for who the 'I' refers to, I figure that most of the good guys
who have enough experience in info-sec should agree with this. 

None of this changes the issue of who to release attack code to.  This
issue is closely related to the release of source code for computer
viruses some 11+ years ago, and since I have a little insight into this,
let me share a bit of it with you at a superficial level for your open
amusement and abuse. 

My decision in 1983 was to release pseudo-code so that anyone could
understand how things worked but I was not directly causing harm.  Of
course lots of attackers easily implemented attacks, while most
defenders couldn't reduce this pseudo-code down to anything of practical
value.  So much for that idea. 

Now-a-days I lean toward the release it or someone will figure it's
worth killing you to keep it secret point of view.  Once anyone else
knows you have such a thing, you are likely to be attacked by people
using psychological or other means to get you to release a copy to them. 
The people who got Beta releases of SATAN were those who managed to win
the psy-ops and technical battles with the creators and their systems.

There is of course another approach which we take at URL:
		http://all.net:8080

Provide a means for people to test for the vulnerability without giving
them the ability to launch against others.  I really like this approach
because it places the trust firmly where it belongs - with the person
who possesses the attack code.  Since they could use it in a clandestine
fashion without permission, little is lost by them using it with
permission.  Ignoring, for the moment, the technical issues of how to
make such a service reliable and relatively safe, it seems like a good
compromise for today.

FC

