The release of this tool has engendered a great deal of discussion and debate about security tools. This was undoubtedly one motive of the authors. However, they appear to have taken care to only scan for known vulnerabilities, and to include pointers to information on how to fix the problems found. Overall, SATAN should be very helpful to legitimate system admins in securing their systems.
You can browse a list of the distribution mirror sites if you want to find other distribution points.
Dan Farmer's SATAN WWW page might also be of interest.
Comprehensive information about SATAN is also available from the AUSCERT (Australian CERT).
The CIAC has also provided information on SATAN . This gives details on how SATAN runs, what it searches for, what vulnerabilties should be fixed, how to fix them and how to detect SATAN scans on your system. This document is also available in the COAST archive in text form. A subsequent warning was as bulletin F-20.
Some vendors and response teams have assembled platform-specific warnings and hints: for Sun Microsystems computers, Silicon Graphics computers, IBM AIX, and for HP computers. The CIAC has issued additional advisories specifically for AIX machines and SGI machines.
Morning Star Technologies has a special post on how their Morning Star Express products interact with SATAN.
Finally, the FIRST secretariat also provides information on SATAN, including links to previously mentioned sites.
The CIAC has provided a tool called Courtney. It uses the tcpdump package to analyse network traffic. This is then interpreted by a PERL script to look for characteristic SATAN packets. This must be run as root.
Robert Evans has written a tool called NATAS that does a simplistic check for SATAN scans. It listens on random ports for a sequence of connections.
Los Altos Technologies has also provided a free tool to detect SATAN, known as Gabriel.
The COAST group at Purdue have released a general-purpose detector for port scans that also recognizes SATAN.
Top 10 Ways You Can Tell SATAN Has Invaded Your Network
10. All keys except the '6' suddenly disabled
9. Your monitor starts spinning around in circles
8. File server starts emitting pea soup
7. Your router begins sending outgoing packets to hell.org
6. 10Base-T wire flies up and wraps around roving sysadmin
5. Your bastion host starts smoking
4. Anonymous FTP rips off its mask to reveal horns and a goatee
3. X terminals become XXX terminals
2. Standard UNIX prompt replaced by inverted cross
and the number one way you can tell SATAN is inside your network:
1. Your firewall turns into a ring of flame
We will post updates here as soon as we get them. Keep checking for further news!