myNetWatchman   KnowledgeBase

Pooling knowledge to
secure the internet.



News

2004-07-01 New FAQ answers added to help new users get started. Many thanks to mNW user Jack Eisenberg for compiling this info.

2004-06-01 New mNW Agent to support Kerio Winroute Firewall 5.x and 6.x. A new mNW agent has been developed to convert Kerio's log into ZoneAlarm's format. Instructions are included with the downloaded file. Many thanks to Jiggs for developing this tool.

2004-04-01 Improved myNetWatchman Notification Routing Policy. Effective March 1, 2004 we changed our approach to identifying and notifying the responsible party associated with myNetWatchman (mNW) detected security incidents. Previously, we used a combination of reverse DNS, DNS Start-of-Authority, and IP Whois information to identify the responsible party. However, we have concluded that this approach is unscalable and ineffective for all but the largest network providers.

2004-03-22 Messenger Spammers Now Fragging. Changes in UDP/1026 and UDP/1027 activity (usually attributable to Windows Messenger Spam) show that message size is increasing beyond the typical maximum packet size. A side effect of that is a substantial increase in 'fragment reassembly timeout' errors. Since a significant percentage of Messenger spam is transmitted using a forged source IP, the unfortunate owners of these IPs will likely notice a significant volume of inbound ICMP error packets which can significantly degrade performance.

2004-02-19 New worm leveraging Beagle.B Backdoor (tcp/8866). The recent rash of port scans targeting tcp/8866 (the backdoor port for the Beagle.B worm) can be attributed to a new (as yet unnamed) worm. Details to follow once info on the new worm is available.

2004-02-12 MyDoom, DoomJuice, and DeadHat. The recent rash of port scans targeting tcp/3127 and tcp/3128 (the backdoor ports for the MyDoom worm) can be attributed to the DoomJuice worm.

2003-10-16 UTC — Windows Messenger vulnerability may open door to the next Slammer. Details here.

2003-10-15 UTC — With Microsoft's disclosure that "Buffer Overrun in Messenger Service Could Allow Code Execution", the Messenger Spam vulnerability has evolved from vague threat to direct security problem.

2003-10-02 — Messenger spammers use spoofed IP addresses when broadcasting their messages. Here's how we aim to track them down.

2003-09-22 UTC — The new myNetWatchman site goes live! Learn about the changes here.

2003-09-12 UTC — Released new version of Windows PopUp SPAM detection & protection utility which tests udp/135 and udp/1026-1029. Click here to check your system for vulnerability or here for further details.

2003-09-04 UTC — Who are the WinPopUP culprits? You'll be surprised!

2003-08-14 08:00 UTC — Did a bug in Microsoft's TFTP implementation ultimately reduce the danger of the MSBlast worm? Click here for details.

2003-08-13 06:00 UTC — After a day and a half, myNetWatchman has received reports of MSBlast-like scanning (tcp/135) from nearly 200,000 distinct Internet hosts. Click here for details.

2003-08-04 09:00 UTC — myNetWatchman's Adopt-a-State program begins. We're looking for people to volunteer 10 or 15 minutes. It's for a good cause and you would be eligible for a free copy of ZoneAlarm Pro if you submit information by the end of August. Click here for details.