On Wed, 29 Mar 1995, Andrew PRUSEK wrote: > Hello > > Anyone got hold of SATAN yet? Yes, beta testers. No, others not yet. Yes, I *am* holding my breath waiting :-) > > Anyone know what to expect if your site is being probed > by SATAN? > > Apart from the expected port scanning, sendmail, telnet, > tftp, finger, rpc setup, r-commands, yp, nfs and dns being > rattled is there anything else that one should look > out for? This is a very interesting idea. Having SATAN (and ISS and Tiger et al) having some kind of signature built it. Thus enabling a sysadm knowing what tools are used to attack. ---------------------------------------------+--------------------------------- Goran Svensson ! I can speak for myself, and I do BTJ System AB +--------------------------------- Email: goran@btj.se ! This is my opinion. I reserve Snail: Box 4066, S-227 21 Lund, Sweden ! the right to change it, doubt it Phone: +46 46 180 000, Fax: +46 46 180 333 ! or deny it at any time. ---------------------------------------------+--------------------------------- Believe nothing, no matter where you read it, or who said it, no matter if I have said it, unless it agrees with your own reason and your own common sense. --Buddha