home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam    

Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: 17.5 Monitoring Your Network with netstat Chapter 17
TCP/IP Services
Next: 17.7 Summary

17.6 Network Scanning

In recent years, a growing number of programs have been distributed that you can use to scan your network for known problems. Unfortunately, attackers can also use these tools to scan your network for vulnerabilities. Thus, you would be wise to get one or more of these tools and try them yourself, before your opponents do. See Appendix E, Electronic Resources , for information about obtaining these tools.

17.6.1 SATAN

SATAN is a package of programs written by Dan Farmer and Wietse Venema, two well-known security experts. The package probes hosts on a network for a variety of well-known security flaws. The results of the scan and the interface to the programs are presented in HTML and may be viewed using a WWW browser.

SATAN is large, and has a "footprint" that is relatively easy to detect. Several programs have been written that can warn if a host has been scanned with SATAN .

17.6.2 ISS

The Internet Security Scanner ( ISS ), is a smaller, more aggressive scanner than SATAN . It comes in two versions: a complex version that is sold commercially, and a freeware, stripped-down version. The commercial version is expensive, and we have no personal experience with it. However, we know people who have licensed the commercial version and use it frequently on their internal systems to check for problems.

Authorities with various FIRST teams report that the majority of network break-ins and intrusions they handle begin with use of the ISS freeware scanner.

17.6.3 PingWare

PingWare is a scanning program marketed by Bellcore. It is allegedly based on a series of shell scripts and programs, and provides scanning that is not as comprehensive as ISS . We have no personal experience with this product, and we have had no report from anyone who has actually used it, so we cannot comment on it further.

Previous: 17.5 Monitoring Your Network with netstat Practical UNIX & Internet Security Next: 17.7 Summary
17.5 Monitoring Your Network with netstat Book Index 17.7 Summary