A Watchman to Stand Guard Over the Net
I ended my article, "There's No Place Like Home Security," by asking readers how to thwart script kiddies and hackers. Readers brought to my attention a Web site called www.myNetWatchman.com, and after reviewing the site, I couldn't be more imI ended my article, "Theres No Place Like Home Security," by asking readers how to thwart script kiddies and hackers. Readers brought to my attention a Web site called www.myNetWatchman.com, and after reviewing the site, I couldnt be more impressed. The site allows you to download a free agent that parses your firewall logs and sends the hack information to two MNW servers, which filter the logs and automatically send e-mail notifications to the ISPs or administrators responsible for the attacking systems. MNW monitors all activity, and when sufficient corroborating evidence is received, automatically sends an e-mail escalation. What makes myNetWatchman stand out above similar services is the Web access it provides agents, allowing them to look up their own data and see the escalation status of every hack attempt.
The sites creator, Lawrence Baldwin, told me he had been amazed at the number of hackers who tried to break into his home computer, so he decided to do something about it. Baldwin was dismayed at the time it took to review each port scan, determine if it was an overt hack attempt and figure out whom to notify. He created software and parsing agents that run on most platforms and are compatible with many popular firewalls, including BlackIce, ZoneAlarm and even Cisco PIX. As more people started using the agent software, currently totaling 1,100 agents worldwide, MNW was able to create an advanced filter that recognizes overt hack attempts. The next task was to create a database and bot that would look up the offending IP address and send an abuse report to the appropriate ISP or person.