MyNetWatchman

[jbredmound]

I was at the MNW website today, looking at my personal attack records, the records of my ISP, and the "Leaky ISP" list, and I thought to myself that we are always talking about our dependency on** or this thing or that thing, about the "freedom" of open source, but we don't acknowledge some of the folks who are with us, rather than selling to us.I think Lawrence Baldwin & Company are "with us". I don't know about his financial success with MNW, but I know that the model that he is using means that he can serve his paying customers for a lot less than the fancy labs that are doing essentially the same thing. Somewhere, that cost savings can benefit us.The MNW vision statement is here.MNW seems to hover at just under 1500 "agents" world-wide. I think that is a shame. With what he is trying to do, he should have 5 or 6 thousand folks out there, trying to help the cause.Does anyone remember when the IM pop-ups (I think the most prolific was the one about University Degrees) started happening. The first outfit to figure out what was happening and broadcast it was MNW!It seems that uploading firewall logs is a small price to pay to be part of this effort.What does anyone else know, or think, about MNW? Am I being a sucker here, or what? What do the people who don't participate know that I don't know?I would sure like to see that "agent" count go up!

[siebkens]

It seems that uploading firewall logs is a small price to pay to be part of this effort.What does anyone else know, or think, about MNW? Am I being a sucker here, or what? What do the people who don't participate know that I don't know?

Great question JB - I haven't seen this discussed. I've seen lots about spam blacklists & whitelists & this seems to be something akin to blacklists, but hopefully better researched & not so wide open as spam blacklists.

[ibe98765]

I tired MyNetWatchman some time ago. I had a problem where I needed to uninstall the program. But I couldn't do so because Lawrence was depending on an .MSI file in the temp folder, which I had long cleaned out. It took 4 emails to get a reply form him, essentially saying that he was always busy and if he didn't know the answer to a problem, then he didn't bother to respond, which doesn't meet my standard for support.If you want to participate in intrusion detection, you might be better served to try http://www.dshield.org.

[jbredmound]

Great question JB - I haven't seen this discussed.  I've seen lots about spam blacklists & whitelists & this seems to be something akin to blacklists, but hopefully better researched & not so wide open as spam blacklists.

Actually, MNW is an Internet "hunter", looking for sources of attacks on ISPs, us, etc. When MNW notifies an ISP of a problem, it can include logs from multiple "agents" to prove the validity of the report. MNW then tracks the responses of the ISP, and lets us know.Big enough, this kind of system could put real pressure on ISPs to clean up their monitoring act.I am still of the opinion that ISPs should subscribe to this kind of service, and if another ISP continues not to respond to notifications of attacker using their system, that ISP should be blocked. Doubt that I would miss china.net.

[jbredmound]

I tired MyNetWatchman some time ago.  I had a problem where I needed to uninstall the program.  But I couldn't do so because Lawrence was depending on an .MSI file in the temp folder, which I had long cleaned out.  It took 4 emails to get a reply form him, essentially saying that he was always busy and if he didn't know the answer to a problem, then he didn't bother to respond, which doesn't meet my standard for support.If you want to participate in intrusion detection, you might be better served to try http://www.dshield.org.

I just signed up, downloaded the client, and signed up for the mailing lists. I am looking forward to seeing how this works. Thanks for the tip!

[Scot]

I'm a big MyNetWatchman fan, although I'll admit I'm not always running it. But it is a past Link of the Week in Scot's Newsletter. Watch for ZoneAlarm 4.0. MNW is built into it. A good deal for both Lawrence and Zone Labs. A great idea, actually.-- Scot

[jbredmound]

I'm a big MyNetWatchman fan, although I'll admit I'm not always running it. But it is a past Link of the Week in Scot's Newsletter. Watch for ZoneAlarm 4.0. MNW is built into it. A good deal for both Lawrence and Zone Labs. A great idea, actually.-- Scot

I didn't know that...Good for Lawrence! He's been "hanging in there" and doing some good work.

[Guest genaldar]

I used it for most of the time I had dsl at home. I even kept it up when I switched to dial up. But when I moved to school I couldn't run zone alarm so I quit using it. Since then I haven't bothered installing za or it since I'd have to get rid of them once I get back to school and I'm not really a target on dial up. Great program though.btw for the uninstall problem did you try reinstalling it then uninstalling it?

[jbredmound]

As I said earlier, I signed up with D Shield, and I have been working with it. My observation as a "user" (vs "wirehead", vs "writer") is that it is too complicated to be entertaining. I have spent a lot of time "finding my way around", and I still haven't touched their full usefulness.I am not driven to find the badguy and tell him off. I am driven to help someone who is inclined to tell him off.I will continue to report to D Shield, because I believe in this, but I will learn about activity in the WWW from MNW because Lawrence spoon-feeds me.Thanks much for the heads-up to D Shield. I will donate bandwidth to anyone who is sincerely trying to find the bad guys.By the way, as I have taken this little journey, I have developed some thoughts (scary thing).While I'm on the bandwagon for "Jam Spam", I believe that they are on a looooong road. Perhaps we should begin discussing with our ISPs the possibly of simply blocking whole domains that not only let their members misbehave, but fail to respond when they are notified of a problem. I realize that this could "black out" a significant part of the world, but I have to ask, for how long?This is comparable to a 1st Amendment argument; do we silence everyone because their provider is is irresponsible?Most of these providers are businesses, and if they are not, do we need them providing gratis services to bad guys?I really think that, long before Jam Spam has any international impact, we are going to have to slap some slackers. If legitimate business in those areas decide to go to satellite, while the masses can't, we may have to slap them, too.Or, we will have to make sure that everyone has access to a legitimate, responsible server.I totally love the WWW, but we have to have a few rules, and the most important ones have to be enforced rigorously