Bugtraq mailing list archives

new iss stuff

From: tbolt () rci ripco com (Dan)
Date: Mon, 9 May 1994 18:32:25 -0500 (CDT)


Grabbed this somewhere..thought u guys might be interested...

                        Security Update

        Announcing
                   INTERNET SECURITY SCANNER 2.0

         Been hacked?  Afraid to find your network has been compromised? 
Internet Security Scanner (ISS) is the first multi-functional proactive Unix
security scanner available to the public.  It is flexible, portable, and
quickly does its job.  It provides Information that you need to fix Security
Misconfigurations.  With more and more hackers breaking into networks and 
compromising tens of thousands of machines, you will want to use ISS to
protect your network.

        For the last 9 months, after its initial release,  Internet Security
Scanner has been vastly improved into the fastest advanced scanner available
with the most vulnerability checks.  The newest version is a major jump ahead
in helping the administrator secure his network. 

        ISS does a Multi-functional Scan of your TCP/IP Network Searching for
Numerous Security Vulnerabilities in your Unix environment that are Exploited
by Intruders.

Internet Security Scanner 2.0 has the following New Features:

        o Over 80 New Vulnerability Checks, including the most recent infamous
Sendmail vulnerability that has allowed Intruders to get past Firewalls.

        *** Including Checks for the Newest FTP Vulnerability [Site Exec] found
in several public versions of FTP daemons.

        o New Technique for TCP Port Scanning that is over 80 times faster
than the original TCP Port Scanner.

        o Brute Force Scanning is Now Built In For Finding Machines like IBM
and Macintosh clients running only FTP or Sendmail.

        o An Improved Domain Name Query Module that generates a List of
Machines from your Nameserver that is easily edited and fed into ISS for
scanning.

        o Two New Modules: ISS Analyzer and ISS Run-time Configuration 
Generator.  

        o ISS Analyzer will Quickly Sort the Output Data from ISS giving You a
Complete and Understable Diagnosis of what Security Vulnerabilities Exist on
your Machines.

        o ISS Run-timer Configuration Generator Has Easy to Follow Menus for
Configuring ISS to What You Want it To Scan For.  This allows ISS to be easily
tailored to the needs of your network.


What do the users of Internet Security Scanner think?

"Rather than wait for a cracker [intruder] to point out the weaknesses in your
network, I suggest you grab a copy of ISS and sleep a little better at night."
                                        -- Sam Kimery, SunWorld Dec '93


"ISS addresses the traditionally weak and oft neglected area of computer 
security under the UNIX operating system.  No system administrator 
interested in preserving the integrity of his data should be without it."
                                        -- Justin Weir, System Administrator


For 45 Days, Beginning May 1st, there is a Special Introductory Price:
        For more information about features and price, please e-mail
                iss () shadow net or cklaus () shadow net

        ISS 2.0 will not be distributed to the public directly because of the
following reasons:

1)  There were complaints that networks were being scanned by sites from other
organizations.  To reduce the liability of this kind problem, ISS 2.0 has built
in control of what network addresses can be scanned and probed so that an
organization's copy can not be used to attack other networks.

2)  It ensures that crackers (intruders) are no longer getting new security
vulnerabilities to check for as these checks are place into ISS.  ISS has
increased speed for checking over 80 new vulnerabilities with understandable
output making it easier to diagnose the security of your network.

        This makes even the most novice to computers able to penetrate most
networks on the Internet.  This is the concern for keeping it from having
everyone be able to scan everyone else's network.

        To help pay for the expenses of development of this product, there is a
fee.  To get an old version, there is a copy for ftp at aql.gatech.edu.

Have fun,
tbolt () ripco com

Current thread:

new iss stuff Dan (May 09)
- <Possible follow-ups>
- Re: new iss stuff Adam Shostack (May 10)
  - Re: new iss stuff Pat Myrto (May 10)
    - Re: new iss stuff Mark (May 10)
    - Re: new iss stuff Karl Strickland (May 10)
    - Re: new iss stuff Steven C. Blair (May 10)
  - Time For New Security Package? (was Re: new iss stuff) David Bianco (May 10)
    - Re: Time For New Security Package? (was Re: new iss stuff) Tom Fitzgerald (May 10)
    - Re: Time For New Security Package? (was Re: new iss stuff) Oliver Friedrichs (May 11)
    - ANNOUNCING THE [8LGM] FILESERVER & MAILING LIST INFO Karl Strickland (May 14)
    - Re: Time For New Security Package? (was Re: new iss stuff) Gene Spafford (May 14)

(Thread continues...)