Anyone a myNetWatchman agent?

[Fraoch]

myNetWatchman is a site that collects firewall logs, aggregates them and attempts to take action on the most widespread attacks.

I find it's a lot better than simply running a firewall because you can actually do something about the attacks:

Quote:

Originally Posted by myNetWatchman about

We receive responses back from about 25-30% of the escalations we send. All of the response information, often with candid details on how the system was compromised and what steps were taken, is all recorded in the incident detail. Many ISPs do process and act upon our alerts, but unfortunately they don't have the automated systems to provide e-mail confirmation of their efforts... but rest assured that most alerts ARE acted upon.

In summary, think of myNetWatchman as a centralized firewall log analyzer and escalation system that adds a global perspective to your event data--something that no standalone product can achieve.

(from http://www.mynetwatchman.com/about.asp)

Last night I modified my SmoothWall box to transmit firewall entries to myNetWatchman with dramatic results:

Quote:

Event Date/Hour Event Count
2006-08-12 21 15
2006-08-12 20 30
2006-08-12 19 31
2006-08-12 18 20
2006-08-12 17 74
2006-08-12 16 112
2006-08-12 15 44
2006-08-12 14 150
2006-08-12 13 66
2006-08-12 12 106
2006-08-12 11 38
2006-08-12 10 28
2006-08-12 09 22
2006-08-12 08 22
2006-08-12 07 36
2006-08-12 06 48
2006-08-12 05 54
2006-08-12 04 105

Whoa! Note some of the entries today are lower than they should be because my SW box has been up and down as I've been applying various mods.

Some of these events are part of global events that have been escalated and reported to the ISP.

I tried a mod that did something similar at DShield, which seems to be a much larger site, but the mod requires a working SMTP server on your network.

Anyway, if you have a compatible firewall, I urge ABXers to sign up. Worldwide there are only 673 agents in the minimum 3 years the site's been around. This is growing though, last night there were 667.

Obviously you have to have an automated mechanism for submitting reports with incident numbers like mine.

Incidentally participation in my province is very high. We have more agents than anywhere else in the country, half as many agents as in all of the U.K., almost as many agents as New York state and 1 more agent than Texas! See http://www.mynetwatchman.com/agentnetbystate.asp There's even one agent in Vanuatu.