Greetings! This letter serves two purposes. First, it is a bounce test of the COAST mailing list. It has been several months since the last newsletter (much longer than we wanted, actually). In that time, many people have joined the list, and many have left. This is a quick check that the addresses on file are valid. Some time in the next 7-10 days we will be mailing out the next newsletter. The second reason is to provide you with a pointer to our infomation on SATAN. As you have probably read by now, the SATAN security scanner tool has been released to the general public on the Internet. Some people are claiming this to be the end of the net. We don't think this is anywhere near as severe as that. In many ways, the name is the most fierce thing about the tool! Here at COAST, we had a chance to experiment with a beta version of the tool. It only checks for known vulnerabilities of Unix systems. It has pointers to documentation on patches. As shipped, it really does nothing harmful (on purpose - some buggy software may not react gracefully to unexpected network packets). Overall, we didn't find SATAN to be something to worry about. Far worse probing tools are on the loose on the net (although few as automated as this one, and none with as nice an interface). Furthermore, SATAN leaves a large "footprint" that can be easily detected with minimal logs. And, if you are running a reasonable TCP wrapper or firewall, you can pretty much pinpoint where a scan is coming from in addition to preventing it. The COAST archive has a copy of SATAN available. We also have collected together the various warnings and analyses done by various response teams, and combined those with the "courtney" and "gabriel" tools for detecting SATAN scans. (courteny was produced at LLNL/CIAC, and gabriel is freeware produced by Los Altos Technologies). We have even included a little humor about SATAN (only on the WWW page). You can find all of these materials via the COAST homepage @ http://www.cs.purdue.edu/coast/ You can also find them via ftp as ftp://coast.cs.purdue.edu/pub/tools/unix/satan We may have more details in the COAST newsletter, to appear in your mailbox sometime soon. Cheers, --gene spafford