I ended my article, “There's No Place Like Home Security,” by asking readers how to thwart script kiddies and hackers. Readers brought to my attention a Web site called www.myNetWatchman.com, and after reviewing the site, I couldn't be more impressed.
The site allows you to download a free agent that parses your firewall logs and sends the hack information to two MNW servers, which filter the logs and automatically send e-mail notifications to the ISPs or administrators responsible for the attacking systems. MNW monitors all activity, and when sufficient corroborating evidence is received, automatically sends an e-mail escalation. What makes myNetWatchman stand out above similar services is the Web access it provides agents, allowing them to look up their own data and see the escalation status of every hack attempt.
The site's creator, Lawrence Baldwin, told me he had been amazed at the number of hackers who tried to break into his home computer, so he decided to do something about it. Baldwin was dismayed at the time it took to review each port scan, determine if it was an overt hack attempt and figure out whom to notify. He created software and parsing agents that run on most platforms and are compatible with many popular firewalls, including BlackIce, ZoneAlarm and even Cisco PIX. As more people started using the agent software, currently totaling 1,100 agents worldwide, MNW was able to create an advanced filter that recognizes overt hack attempts. The next task was to create a database and bot that would look up the offending IP address and send an abuse report to the appropriate ISP or person.
Baldwin said MNW staff were surprised to discover that most attacks are launched from home users or corporate systems with compromised security. “The ISPs love us,” Baldwin said. “Just think of all the different ways their abuse centers received data, which has been cut and pasted into e-mail from millions of users. Our abuse e-mail is all formatted the same way, allowing the ISPs to create bots that can easily parse out the data and automatically take action against the hacker with very little human intervention.” MNW has already had some great successes. During the height of the Code Red incident, myNetWatchman was sending Home.com about 10,000 alert e-mails per day as the MNW servers received five agent updates per second. Home.com warned the affected subscribers, and alerts quickly returned to the normal level, about 50 per day.
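The flow described above (agents submit parsed firewall events, the server escalates only once independent agents corroborate a source, and every abuse report uses one machine-parseable layout) is shown here as an added example, not myNetWatchman's code. The log line format, the three-agent threshold and the report field names are assumptions, and the sample reports are constructed.

```python
import re
from collections import defaultdict

# Constructed sample input: (agent id, firewall log line). The line format is
# an assumption, not the format of any firewall named in the article.
SAMPLE_REPORTS = [
    ("agent-01", "2001-08-01T10:00:01Z DENY TCP 192.0.2.10:4312 -> 198.51.100.5:80"),
    ("agent-02", "2001-08-01T10:00:07Z DENY TCP 192.0.2.10:4388 -> 198.51.100.77:80"),
    ("agent-03", "2001-08-01T10:01:15Z DENY TCP 192.0.2.10:4410 -> 203.0.113.9:80"),
    ("agent-01", "2001-08-01T10:02:00Z DENY TCP 192.0.2.10:4312 -> 198.51.100.5:80"),
    ("agent-02", "2001-08-01T10:03:30Z DENY UDP 203.0.113.200:53 -> 198.51.100.77:1025"),
    ("agent-03", "garbled line that does not parse"),
]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY (?P<proto>TCP|UDP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> \d{1,3}(?:\.\d{1,3}){3}:(?P<dport>\d+)$"
)
MIN_AGENTS = 3  # assumed corroboration threshold; the article gives no number

def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def corroborate(reports, min_agents=MIN_AGENTS):
    """Group events by (source IP, protocol, target port) and keep only the
    groups reported by at least min_agents distinct agents."""
    seen = defaultdict(lambda: {"agents": set(), "events": 0, "first": None})
    for agent, line in reports:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines never count as evidence
        entry = seen[(ev["src"], ev["proto"], int(ev["dport"]))]
        entry["agents"].add(agent)  # repeats from one agent add no corroboration
        entry["events"] += 1
        entry["first"] = min(entry["first"] or ev["ts"], ev["ts"])
    return {k: v for k, v in seen.items() if len(v["agents"]) >= min_agents}

def abuse_report(key, entry):
    """Render one escalation in a fixed key/value layout (field names assumed)."""
    src, proto, dport = key
    fields = [("Source-IP", src), ("Protocol", proto), ("Target-Port", dport),
              ("First-Seen", entry["first"]), ("Event-Count", entry["events"]),
              ("Reporting-Agents", len(entry["agents"]))]
    return "\n".join(f"{name}: {value}" for name, value in fields)

if __name__ == "__main__":
    for key, entry in corroborate(SAMPLE_REPORTS).items():
        print(abuse_report(key, entry), end="\n\n")
```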
I think MNW is just what the hacker doctor ordered.