Bug Fixes
Don't be alarmed by the number of bug fixes that are reported
here. Every application and every version of every application
has bugs...you just aren't always told about them. myNetWatchman
is NOT a static site, I am literally adding new functionality
and patching bugs on an hourly basis. The difference is that
I notify you exactly what was done and when it was done for
every change I make. This way if you start having a problem
and it was related to a change I made, we can both quickly
correlate it.
B0020: 10-Aug 01 10:47 -0400 GMT - Added IP address validation to input parser
All input parsers now validate Source and Destination IP addresses. If either is invalid
the submitted data is rejected. This will prevent bogus submissions from the web form or
custom agents from causing the DNS lookup process to stall.
B0019: 15-Jul-2001 07:24 -0400 GMT - Username/Password in URL after registration or edit profile
There was some old logic that was adding your username and password as query strings in the URL after you
either registered for the first time, or edited your profile. These have been removed.
B0018: 14-Jul-2001 23:00 -0400 GMT - Forget Password fixed
The 'Forget Password' feature will now e-mail your password again....this broke when I upgraded the server
a few weeks ago.
B0017: 02-Jul-2001 10:22 -0400 GMT - Fixed v1.13 Install Kit
The previous v1.13 Install Kit on the mNW FTP server actually contained the v1.12
version of nwclient.exe. Unfortunately, my development server has been down for
several weeks so I wasn't able to build the proper install kit until today.
If you are running the Windows agent, please check the 'About' screen and make sure you are
running the most current version. Click the 'Upgrade' link at the top of the home page if
you need to upgrade.
B0016: 02-Jul-2001 10:22 -0400 GMT - Expanded Agent Password Field
Previously Agent passwords were restricted to 10 characters. Several users typed in longer passwords
not realizing they were truncated. Then they would enter the full password in the mNW agent, causing
authentication problems. I also added a comment indicating that the max length is 15 characters.
B0015: 07-Jun-2001 09:39 -0400 GMT - Complete rework of (login) session management
In order to access any personal functions (e.g. events reported today, Edit
Profile, etc..) you MUST be logged in to myNetWatchman AND have a valid session.
In the past, if you logged in, but remained idle for 5-10 minutes your session
would automatically timeout (standard IIS practice). If you then tried to access
any personal functions you would either get an error, or you would receive default
information (NOT your information).
Also, in the past the ONLY page that you could log in through was the home
page. So if you bookmarked a personal functions page and tried to access that
page directly (without going >through< the home page) you wouldn't get
your personal information.
I have now encapsulated all the login and session management logic in a sub-routine
and included calls to this subroutine on every page that requires a login. So
now a new session will automatically be created for you regardless of what page
you use as an entry point to the myNetWatchman server.
Sorry for any confusion that the previous code caused...it was a serious mess.
B0014: 30-May-2001 10:22 -0400 GMT - Duplicate alert e-mails being sent
Starting on 28-May 22:36 (GMT) we were inadvertently sending TWO e-mails for
each escalation. I had added some error handling logic to the e-mail script
that issued the SEND command twice. This was corrected on 30-May 14:24 (GMT).
I am VERY sorry for any inconvenience this may have caused...the last thing I
want to do is send unnecessary e-mails. What really surprised me is that not
a single person complained....I only noticed duplicate carbon-copies this morning
and started investigating.
B0013: 24-May-2001 06:40 -0400 GMT - IncidentID collision problem
Fixed ProcessIncoming logic. Under heavy insert activity there was a small
window of opportunity for unrelated attack events to be assigned to the same
IncidentID. Converted IncidentID to an Identity column so that SQL will auto-assign
an appropriate IncidentID and handle concurrency issues.
Many thanks to Agent: mcwill for identifying this problem.
B0012: 21-May-2001 14:50 -0400 GMT - Added date range validation to Windows-based parser
I was continuing to get very old data from a lot of new agents that forgot to
clear their firewall logs before starting up the agent, so now the parser automatically
rejects any data where the attack date time is more than 72 hours old.
I also reject any data where the attack date time is more than 5 minutes into
the future...so please make sure your clocks are synchronized to within 5 minutes
of the current time, otherwise your data will be filtered. It is highly recommended
that you obtain a Network Time client (NTP) so that you can automatically synch
with an atomic clock.
I haven't moved this code to the PerlAgent parser yet, so all data submitted
by PerlAgents isn't subject to this range check....but it's coming.
B0011: 21-May-2001 09:00 -0400 GMT - Fixed Edit Profile to allow State selection
If you attempted to view your profile your state selection wasn't being displayed
properly...fixed.
B0010: 18-May-2001 08:15 -0400 GMT - Parser fixes
Added support for 4 new BlackICE query strings that are included in the log...this
should eliminate many "Internet Server Error" issues.
Added check for ZA logs to ensure that log format is comma-delimited. If it
isn't, report error to user in status window with info to check log format options.
B0009: 11-May-2001 10:21 -0400 GMT - Proceduralized the ParseField function. Integrated new function into Inbound e-mail processing for subject line parsing. Used same procedure to parse port# info from BID 'parameters' column
Win32 Agent users may have experienced some errors in your agent status box
between 09:45 and 10:21 when these changes were being integrated into the input
parser.
B0008: 11-May-2001 00:48 -0400 GMT - Eliminated Query string passing of Email-address and password when selecting 'Edit/Register'...now passwords are NEVER displayed in browser URL in clear text.
B0007: 09-May-2001 13:18 -0400 GMT - Netgear parser completed/tested
First Netgear user is up and running, logging his Netgear logs to a Unix box,
then using SAMBA so that the Windows-based myNetWatchman agent can monitor the
Unix syslogd file. A bit convoluted, but it works.
B0006: 09-May-2001 13:18 -0400 GMT - Allow IssueID="NULL" for non-BID agents
B0005 added validation of the IssueCode field (requiring it to be an Integer)...however,
all non-BID uploads set IssueID="NULL"...so we need to accept that
as well. All non-BID agents data has been inadvertently filtered since B0005
was implemented...if you're running v1.13 client you should have been receiving
the following error message in your status window:
mNWStatus: INVALID_FIELD - One or more log fields are invalid...record skipped.
B0006: 08-May-2001 16:51 -0400 GMT - Optimized Agent Network by Provider Report
Execution time is now 2 secs. vs. 32secs. Was totalling a column that was completely
unnecessary and very costly from a performance perspective.
I'm also in the process of setting most of these reports to be loaded into
temp tables and then refreshed automatically at fixed intervals (e.g. 5 minutes,
10 minutes, etc.). The Agent Network by Country/State is already set up as a
temp table...you can see the perf. difference...it is NOT being auto-refreshed
yet, I'm updating it manually every 24 hours....so don't expect to see your
city/state/country pop up right away.
B0005: 08-May-2001 16:16 -0400 GMT - Added validation on BID 'IssueCode' field to fix parsing of something like this:
Logline: 0:59, 2003102, TCP port probe, 217.3.122.217, pD9037AD9.dip.t-dialin.net, 208.63.164.2, , port=6346, 84, B
(Note the missing start of the log line...the real issue here is that intermittently
I'm not getting a whole log file...it's fragmented and then the parser chokes
on it...not sure what is causing it)
Parser now returns this message if any fields fail validation:
AttackDatetime is type: Date mNWStatus: INVALID_FIELD - One or more log fields are invalid...record skipped.
Reported by Agent: 'gpend' (Thanks)
B0004: 08-May-2001 15:50 -0400 GMT - Fix broken link to SAMBA Swat issue. Thanks to Agent 'scheidell'.
B0003: 08-May-2001 12:10 -0400 GMT - Fix broken data handling in BlackICE parse
B0001 broke BlackICE parsing because datetime was being stored in a 'string'
datatype. Forced this to 'date' datatype so that new type validation would no
longer fail. BID agents may have experienced errors between 10:00 and 12:10
EST today.
B0002: 08-May-2001 10:30 -0400 GMT - Added error handling to SQL stored procedure that inserts records
Previously I wasn't checking for an error status after an insert attempt and
would attempt to process the incoming record whether it was inserted or not...this
would cause random errors to be displayed in the agent status window (v1.13
required)
B0001: 08-May-2001 10:00 -0400 GMT - Added Attackdatetime validator to input parse
Sometimes log fragments are received which do not include all the proper fields.
This causes SQL fatal errors when inserts of this data are attempted. Added a
type check for AttackDate time prior to executing SQL insert...also reports
an INVALID_TIMEDATE error to client (v1.13 only will be able to see this in the
status screen).
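The input checks described in B0020, B0012, B0005/B0006 and B0001 can be combined into one validator that runs before any insert or DNS lookup. The following Python is an added example, not myNetWatchman's own parser code; the field names, the ISO 8601 timestamp format and the error strings are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=72)    # B0012: reject data more than 72 hours old
MAX_SKEW = timedelta(minutes=5)  # B0012: reject data more than 5 minutes ahead


def validate_record(rec, now):
    """Return a list of failure reasons; an empty list means the record is accepted.

    rec is a dict of raw strings with hypothetical keys:
    attack_dt (ISO 8601, treated as UTC), src_ip, dst_ip, issue_code.
    """
    errors = []
    # B0001: type-check the timestamp before it goes anywhere near an insert.
    try:
        attack_dt = datetime.fromisoformat(rec.get("attack_dt", ""))
        if attack_dt.tzinfo is None:
            attack_dt = attack_dt.replace(tzinfo=timezone.utc)
    except ValueError:
        errors.append("attack_dt: not a datetime")
    else:
        if now - attack_dt > MAX_AGE:
            errors.append("attack_dt: older than 72 hours")
        elif attack_dt - now > MAX_SKEW:
            errors.append("attack_dt: more than 5 minutes in the future")
    # B0020: both addresses must parse, so a bogus value never reaches DNS lookup.
    for key in ("src_ip", "dst_ip"):
        try:
            ipaddress.IPv4Address(rec.get(key, "").strip())
        except ValueError:
            errors.append(f"{key}: invalid IPv4 address")
    # B0005/B0006: IssueCode is an integer, or the literal NULL from non-BID agents.
    code = rec.get("issue_code", "").strip()
    if code != "NULL" and not (code.isascii() and code.isdigit()):
        errors.append("issue_code: not an integer or NULL")
    return errors


# Constructed sample input: one well-formed record and one fragment whose
# fields have shifted because the start of the log line is missing.
NOW = datetime(2001, 5, 21, 18, 50, tzinfo=timezone.utc)
GOOD = {"attack_dt": "2001-05-21T18:00:00", "src_ip": "217.3.122.217",
        "dst_ip": "208.63.164.2", "issue_code": "2003102"}
FRAGMENT = {"attack_dt": "0:59", "src_ip": "pD9037AD9.dip.t-dialin.net",
            "dst_ip": "208.63.164.2", "issue_code": "TCP port probe"}

if __name__ == "__main__":
    for rec in (GOOD, FRAGMENT):
        print(validate_record(rec, NOW) or "accepted")
```

Collecting every failure reason instead of stopping at the first makes it easier to tell a fragmented log line (several fields wrong at once) from a single bad value.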
(start bug change numbering here)
07-May-2001 21:46 -0400 GMT - V1.13d2 Bug / Workaround
If agent attempts to upload a log record > 128 bytes the agent will stop
being able to upload and you'll constantly see random characters appear in the
HTTP status box.
(Note: It is normal for these characters to appear occasionally)
I'll have the fix out tomorrow, but in the meantime if this happens you should
be able to work around the problem by clearing your firewall log (e.g. BlackICE
'Clear Attack List')
06-May-2001 15:52 -0400 GMT - Web/PerlAgent uploads fixed
PerlAgent uploads were broken also today...it's fixed now and I'm pretty sure
the same fix will re-enable web form uploads (but haven't tested it yet)..Sorry
about that major mistake on my part.
06-May-2001 13:06 -0400 GMT -
The Web Form report interface is currently broken due to the changes listed
below..should be back up in a few hours....sorry for the trouble. LB.