myNetWatchman: neighborhood watch for the Internet

Thinking about trust and social capital, in online communities, reminds me of the work of Lawrence Baldwin, the creator of myNetWatchman.com . As I mentioned in a column on broadband security , Lawrence takes issue with the attitude of personal firewalls toward the steady stream of malicious probes that they repel. That attitude can be summed up as: "Don't worry, this is just the background noise of the Internet, and we're shielding you from it."

Not so, argues Lawrence. In his vision statement he writes:

Every time your firewall or intrusion detection system logs an event, don't assume the source is the actual hacker. Think of it as a cry for help from a likely victim whose system has been compromised and is just being controlled by a hacker. It's easy to ignore attacks because they don't present an immediate threat — after all, we have a firewall. However, every compromised system is a real and immediate threat to the underlying Internet infrastructure since these systems could be used to attack others and/or to launch distributed denial-of-service attacks (DDoS), potentially incapacitating large portions of the Internet.

In light of these threats, I strongly believe that ALL attack events should be relentlessly pursued.

Lawrence's software reads your firewall event logs, and relays events to his central service, which collates them and automatically notifies the ISPs or organizations that are (usually unwittingly) responsible.

Here is one of Lawrence's success stories .

myNetWatchman is a brilliant use of a network of distributed agents, and perhaps an excellent business model in search of funding, if Lawrence is inclined to go that way. But fundamentally it hearkens back to something we all know in real life: we're safer when we watch out for one another. Good neighbors report trouble when they see it. If you saw somebody breaking into a neighbor's house, you'd report it. Well, we're all neighbors here in cyberspace. Lawrence's software makes it easy to report trouble.


Former URL: http://weblog.infoworld.com/udell/2002/04/08.html#a182