Date: Tue May 09 1995 - 07:29:51 CDT

Many Thanks to all who responded:

> Is Satan available, if so how do I get hold of it?
> Any help/guidance appreciated.
> I do not have a direct connection onto the internet!

The majority of responses said it was worth having, (however, if not
connected to the outside world then you do not need it !) Also if
you only have a small number of hosts then it it not really worth
the effort.

It is available from the following ftp sites:

The following sit is the home site:

NOTE: Satan has already been updated to 1.1.

For those of you without a connection to the internet there is a
gzip-ed version of Satan.


Satan does not check anything which is arcane or difficult to do
The great advantage of Satan is that it allows you to check form well
know security holes on a large number of hosts at the same time.
Apparently if Satan does not highlight any security holes this does
not neccessarily mean that you do not have any problems.

The following summary was poasted to the sage newsgroup:

> The following summary was posted to the sage newsgroup:
> What's all this about SATAN?
> ----------------------------
> SATAN, to be released April 5th, is a Security Administrator Tool for
> Analyzing Networks written by Dan Farmer and Wieste Venema. Combining a
> GUI front-end with a rule-based probe engine, it is both well designed and
> easy to configure, use, and upgrade. SATAN should definitely become part of
> every sysadmin's toolkit, right along with COPS and Swatch.
> As shipped, SATAN will test for 11 well-known vulnerabilities (NFS mounting
> holes, rexec, old sendmail versions, and suchlike) - if you've been paying
> attention to CERT advisories and patching accordingly, you should find few
> surprises. The tool is designed to probe, rather than probe and exploit.
> The real dangers of SATAN arise from its ease of use - an automated tool
> makes it very easy to probe around on the network. Arbitrary hosts may be
> probed, and the "network of trust" feature encourages searches of machines
> peripheral to the target machine (sites showing up in .rhosts files, for
> example, are automatically added to the probe list in most configurations).
> Denial of service due to large numbers of SATAN probes may be a very real issue
> for some well known sites. The other major worry is that little effort is
> required to add new probes (so new holes may be discovered and explored more
> rapidly by more people than in the past), and it seems a fairly small amount of
> work to convert "probe only" scripts to "probe and exploit."
> There's already been a "SATAN detector" released: Courtney (which detects
> SATAN probe activity via tcpdump data) is available from
> Other SATAN sniffers should
> be available soon.
> In summary: SATAN is a well-made tool which should prove valuable for
> security admins. Get it and use it.
> References:
> "Improving the Security of Your Site by Breaking Into It", Dan Farmer and
ietse Venema
> SATAN documentation:
> CERT advisory CA-95:06 :
> CIAC Notes 95-07:

Once again thank you to:

Ivan Kipacik
Claus Assmann <>
Sergey Gribov <>
Stan Hoffman
Daniel M Flax
Dave Wagle
Steve Harris tnibsd!
Tom Plesha and
Larry Ridenour

Irana Whitaker-Patel
Systems Administrator
HR Wallingford
Howbery Park
Oxon OX10 8BA

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:24 CDT