Date: Fri, 11 Apr 1997 10:26:27 -0300 (ADT) From: The Hermit Hacker <scrappy@hub.org> To: "Serge A. Babkin" <babkin@hq.icb.chel.su> Cc: khetan@iafrica.com, security@freebsd.org, hackers@freebsd.org Subject: Re: SATAN under FreeBSD Message-ID: <Pine.NEB.3.96.970411101637.235l-100000@thelab.hub.org> In-Reply-To: <199704111311.TAA06060@hq.icb.chel.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 Apr 1997, Serge A. Babkin wrote: > > > Or just set in the options that the .pl suffix means a HTML file. > > > It worked great for me. The only problem is that I found > > > absolutely no usefulness in SATAN. The "holes" it reported > > > about were so idiotic. > > > > > Any useful resources that I can look through on how to debug > > things? For instance, one of the machines at the office is an old > > Altos machine running 'Sendmail 5.59/Altos-2.0 ready'...I'd like to be > > able to test that one for any holes. > > I awaited a like thing from SATAN too. But almost all it did was analysing > the NFS exports :-( Looking at the work on SATAN, and what it was trying to address, why isn't there a list compiled of 'how to break into an insecure system'? Something that a system adminstrator could sit down and go through, one by one, to test their systems? One of the 'papers' that I've come across through Yahoo is found at: http://www.geocities.com/SiliconValley/Lakes/6866/admin.html which details several different methods of cracking into a system, but its by no means complete, and all of them fail even on that old Altos machine, so, like SATAN, is practically useless. Does anyone else know of something similar? Maybe start up a 'Improving Security' section off of the FreeBSD web pages with links to *good* papers like the above? Marc G. Fournier Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96.970411101637.235l-100000>