myNetWatchman KnowledgeBase
Pooling knowledge to
secure the internet.
The New myNetWatchman Site
I started myNetWatchman as a small one-man project whose
aim was to satisfy my curiosity. The niche in which it evolved
is so challenging and promising that, three years later, it
has evolved into an enormous project which
successfully addresses internetwork security issues through
automated real-time alerts — and continues to satisfy
my curiosity.
In the context of the hundreds of code changes, consultations,
configurations, tests and analyses performed over the course
of any given week, it is perhaps understandable that the user-friendliness
aspect of the website has long been neglected. In any case,
the fact that this enterprise represents community-based
security necessitates that the information we present
be accessible by the community! In that light we've initiated
a series of very significant changes to the way we present
our information.
- New menus with reorganized content -
When you live in a sea of aggregate data, you lose perspective
of what is raw data and what is digested. We've taken a
fresh look and reorganized the site in a way that will invite
your intuitive understanding.
- Universal availability of most widely used features -
Our dynamic reports form the backbone of our service.
Most common reports are now available through drop-down
menus that are available from any page on the site.
- Help screens to explain reports - We've
worked so closely with some of the reports that they are
second nature to us, but recognize that this isn't the case
for many members of our community. We are adding generous
help text to help you understand the value of the reports.
- Large-scale editing of content - As we
go forward, we continue to modify the content of our webpages
for clear and easy presentation.
- Essential data on the home page - We've
repackaged our home page to deliver a snapshot of what myNetWatchman
is about at the moment:
  - News - The myNetWatchman database
    is a live system processing millions of firewall events
    per day. This gives us a cutting-edge perspective on
    many news stories, from the implication of newly
    disclosed vulnerabilities to the minute-by-minute tracking
    of corresponding exploits. Look to see our breaking
    news on our home page.
  - mNW Stats - Every report on our system
    stems from our network of over a thousand agents submitting
    millions of firewall events per day. The mNW Stats show
    aspects of this tide of data.
  - Increasing Ports - Perhaps the most
    vital report on the entire system, this report monitors
    port attacks that are on the rise. Look here for first
    signs of the next bad thing!
  - Top Ports - A valuable analysis of
    the most frequent attacks. Useful to gauge how a known
    attack (i.e., MSBlast) is faring.
  - Closed Incidents - Identifying and
    sending out escalations based on attack data is vital,
    but nothing is more satisfying than seeing ISPs following
    up on those alerts by closing the incidents, often sharing
    valuable comments about the nature of the attack.
Most of this work is done, but some is still in progress,
and we have a hefty list of tasks lined up for the
next phase. Do you like what you see? Is there something you
could suggest? We'd be thrilled to hear from you.
As I mentioned earlier, this has evolved into an enormous
project, and I'd like to take a moment to thank all those
who have been wonderfully helpful to me in all aspects of
this project, including developing code, elucidating concepts,
brainstorming, designing and sharing data. Most of all,
I would like to thank our network of myNetWatchman Agents
without whom the site would just be another statistical dream.
Lawrence Baldwin
President
myNetWatchman.com