Re: SATAN's Footprint?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Jake Hill: "Re: Welcome to ids"
• Previous message: *Hobbit*: "Attack pathology"
• In reply to: Andrew PRUSEK: "SATAN's Footprint?"
• Next in thread: MICHAEL S. HINES: "Re: SATAN's Footprint?"

On Wed, 29 Mar 1995, Andrew PRUSEK wrote:

> Hello
> 
> Anyone got hold of SATAN yet?

Yes, beta testers. No, others not yet. Yes, I *am* holding my breath 
waiting :-)

> 
> Anyone know what to expect if your site is being probed
> by SATAN?
> 
> Apart from the expected port scanning, sendmail, telnet,
> tftp, finger, rpc setup, r-commands, yp, nfs and dns being
> rattled is there anything else that one should look
> out for?

This is a very interesting idea. Having SATAN (and ISS and Tiger et al) 
having some kind of signature built it. Thus enabling a sysadm knowing 
what tools are used to attack.

---------------------------------------------+---------------------------------
  Goran Svensson                             ! I can speak for myself, and I do
  BTJ System AB                              +---------------------------------
  Email: goran@btj.se                        ! This is my opinion. I reserve 
  Snail: Box 4066, S-227 21 Lund, Sweden     ! the right to change it, doubt it
  Phone: +46 46 180 000, Fax: +46 46 180 333 ! or deny it at any time.
---------------------------------------------+---------------------------------
   Believe nothing, no matter where you read it, or who said it, no matter
   if I have said it, unless it agrees with your own reason and your own
   common sense.
                                          --Buddha

• Next message: Jake Hill: "Re: Welcome to ids"
• Previous message: *Hobbit*: "Attack pathology"
• In reply to: Andrew PRUSEK: "SATAN's Footprint?"
• Next in thread: MICHAEL S. HINES: "Re: SATAN's Footprint?"