Privacy and Legal Notice

CIAC INFORMATION BULLETIN

F-20: Security Administrator Tool for Analyzing Networks (SATAN)

April 5, 1995 1400 PST

PROBLEM:       Public release of SATAN.
PLATFORM:      Any IP machine connected to the network.
DAMAGE:        Each IP address for a given subdomain is systematically scanned for security weaknesses.
SOLUTION:      Install patches and properly configure systems and firewalls.
VULNERABILITY ASSESSMENT: SATAN has been widely publicized in the national media and on various Internet forums. The software is publicly available as of 5 April 95, 14:00 GMT.

Information about Security Administrator Tool for Analyzing Networks

Security Administrator Tool for Analyzing Networks, or SATAN, is a tool for investigating the vulnerabilities of remote systems. Systematically moving through a given Internet subdomain, it probes for weaknesses in each responding system. The vulnerabilities uncovered are then reported to the user.

CIAC recently released a CIAC Notes 07a article (April 5, 1995) devoted to SATAN. The article was based on beta releases of SATAN and remains applicable to the current version 1.0 release, since there were no major operational changes between the latest beta and the version 1.0 public release. By configuring a system correctly, installing all the latest patches, and monitoring system usage, most of SATAN's techniques can be countered, or at a minimum detected. Unfortunately, complete protection from SATAN is difficult: most of the vulnerabilities it looks for are easily addressable, but some do not yet have satisfactory solutions.

CIAC has recently written a program to defend against SATAN and similar tools. The program, called Courtney, monitors connections to the ports that SATAN probes; when a SATAN scan takes place, the offending host is reported.
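The following is an added illustration of the detection approach described above, written for this bulletin; it is not CIAC's Courtney code and not part of SATAN. It assumes a simple connection log with one line per inbound connection attempt ("epoch-seconds source destination destination-port"), an assumed list of service ports that a SATAN-style sweep touches on each host, and assumed thresholds. A source that hits several distinct watched ports within a short window is reported once as the offending host, which is the behaviour the bulletin attributes to Courtney. The sample log lines are constructed for the example.

```python
"""Added example: SATAN-style probe detector in the spirit of Courtney.

Illustrative code, not CIAC's Courtney and not SATAN. Log format, watched
ports and thresholds are assumptions made for this example.
"""
from collections import defaultdict, deque

# Assumed: service ports a SATAN-style sweep touches on every host
# (ftp, telnet, smtp, finger, portmap, nfs, X11). SATAN's real probe
# list is not given in the bulletin; this set is an assumption.
WATCHED_PORTS = {21, 23, 25, 79, 111, 2049, 6000}

PORT_THRESHOLD = 4    # distinct watched ports from one source before alerting
WINDOW_SECONDS = 60   # sliding window; a legitimate user rarely touches 4+ services in 60s

# Constructed sample log: "<epoch> <src> <dst> <dport>".
# 10.0.0.9 sweeps one host's services in a few seconds (a scan),
# 10.0.0.5 is an ordinary user, 10.0.0.7 touches the same ports but
# minutes apart, so it never exceeds the threshold inside one window.
SAMPLE_LOG = """
# epoch      src       dst           dport
800000000 10.0.0.5 192.168.1.10 25
800000002 10.0.0.9 192.168.1.1 21
800000003 10.0.0.9 192.168.1.1 23
800000003 10.0.0.9 192.168.1.1 25
800000004 10.0.0.5 192.168.1.10 23
800000005 10.0.0.9 192.168.1.1 79
800000006 10.0.0.9 192.168.1.1 111
800000010 10.0.0.7 192.168.1.2 21
800000100 10.0.0.7 192.168.1.2 23
800000200 10.0.0.7 192.168.1.2 25
800000300 10.0.0.7 192.168.1.2 79
800000400 10.0.0.5 192.168.1.10 25
800000401 10.0.0.9 192.168.1.2 21
800000402 10.0.0.9 192.168.1.2 23
"""


def parse_line(line):
    """Parse one log line into (timestamp, src, dst, port)."""
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def detect_probes(lines, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS,
                  watched=WATCHED_PORTS):
    """Return one alert per offending source: (src, first_ts, sorted ports).

    For each source we keep the (timestamp, port) pairs seen within the
    last `window` seconds and alert the first time the number of distinct
    watched ports reaches `threshold`. Later hits from an already
    reported source are not reported again.
    """
    recent = defaultdict(deque)   # src -> deque of (ts, port), oldest first
    alerted = set()
    alerts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, _dst, port = parse_line(line)
        if port not in watched:
            continue                      # only SATAN-relevant services count
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:
            q.popleft()                   # expire entries outside the window
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, q[0][0], sorted(distinct)))
    return alerts


def scan_log(text):
    """Convenience wrapper: run the detector over a whole log text."""
    return detect_probes(text.splitlines())


if __name__ == "__main__":
    for src, first_ts, ports in scan_log(SAMPLE_LOG):
        print(f"probe from {src} starting at {first_ts}: ports {ports}")
```

The window keeps the detector from flagging a user who happens to use several services over a working day, while a sweep that touches a host's services within seconds trips it on the fourth distinct port. Tune the port set and thresholds to the services actually exposed on the network being watched.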

CIAC has also made available the current release of SATAN.

SATAN is made up of HyperText Markup Language (HTML) documents, C code, and Perl scripts which generate HTML code dynamically. It requires an HTML viewer (Mosaic, Netscape, or Lynx), a C compiler, and Perl version 5. The user simply interacts with a WWW client, entering the necessary data into forms. The control panel for SATAN provides four hypertext options: Target Selection, Reporting & Data Analysis, Documentation, and Configuration & Administration.

Refer to CIAC Notes 7 for an in-depth look at SATAN.



CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at:
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
UCRL-MI-119788