Guestbook
Note #179
by
SATAN
05/02/2004 @ 02:47
SATAN was written because we realized that computer systems are becoming more and more dependent on the network, and at the same time becoming more and more vulnerable to attack via that same network.
The rationale for SATAN is given in a paper that we posted in December 1993 (Improving the Security of Your Site by Breaking Into it).
SATAN is a tool to help systems administrators. It recognizes several common networking-related security problems, and reports the problems without actually exploiting them.
For each type of problem found, SATAN offers a tutorial that explains the problem and what its impact could be. The tutorial also explains what can be done about the problem: correct an error in a configuration file, install a bugfix from the vendor, use other means to restrict access, or simply disable the service.
SATAN collects information that is available to everyone with access to the network. With a properly-configured firewall in place, that should be near-zero information for outsiders.
We have done some limited research with SATAN. Our finding is that on networks with more than a few dozen systems, SATAN will inevitably find problems. Here's the current problem list:
NFS file systems exported to arbitrary hosts
NFS file systems exported to unprivileged programs
NFS file systems exported via the portmapper
NIS password file access from arbitrary hosts
Old (i.e. before 8.6.10) sendmail versions
REXD access from arbitrary hosts
X server access control disabled
arbitrary files accessible via TFTP
remote shell access from arbitrary hosts
writable anonymous FTP home directory
These are well-known problems. They have been the subject of CERT, CIAC, or other advisories, or are described extensively in practical security handbooks. The problems have been exploited by the intruder community for a long time.
We realize that SATAN is a two-edged sword - like many tools, it can be used for good and for evil purposes. We also realize that intruders (including wannabees) have much more capable (read intrusive) tools than offered with SATAN. We have those tools, too, but giving them away to the world at large is not the goal of the SATAN project.
Note #178
by
DrMaboule
04/02/2004 @ 23:03
This portal leaves me speechless! It is simply magnificent and so easy to use! I can't wait to build my site with it!
Note #177
by
vidal
04/02/2004 @ 11:45
On OSX I can't manage to do italics and bold
Note #176
by
WebbY
03/02/2004 @ 08:24
100.000, a record!
Started in September 2003 after the name change, GuppY is on the right track.
GuppY has many positive users, almost global in languages!!
I wish the Team and the users lots of fun with this cool tool...
GuppY regards,
WackoJacko.
Note #175
by
foogy
02/02/2004 @ 21:40
there's no denying it, guppy is really an uncomplicated system that is easy to set up... you really should adopt it
besides, I installed the add-on by nicolas, one of the team members... an e-cards module, and it works like a charm...
can't wait for the next release!!!