Bugtraq mailing list archives
Network Monitoring and Control (announcement)
From: mcn () EnGarde com (Mike Neuman)
Date: Wed, 29 Mar 1995 15:54:17 -0600
Hello, I'm going to send this message to bugtraq, comp.security.*, and alt.security, so I apologize if you see it more than once. Bugtraq WAS first on my list, so I deserve some credit for that. :-)

My company has written a program called "Watcher" which allows a system administrator to monitor all login and mail connections on his network, in real-time. The administrator can log data to either a text file or a raw packet file which can later be replayed through Watcher. Most importantly, Watcher allows the admin to CONTROL network users by instantly terminating any connection, setting up makeshift firewalls, or even TAKING OVER (hijacking) any connection.

Watcher has a graphical (and text) interface which displays a list of every network login session. The admin can select from this list which brings up a terminal emulator window. The admin then sees EXACTLY what the user is seeing, and what the user is typing. On this window there're also controls to log the connection, as well as to use the active countermeasures as described above.

Watcher is an extremely valuable tool for monitoring network activity in real-time. Aside from the obvious security applications, Watcher could also be used to debug network problems, or even to assist users of machines who need help.

As with any security program, Watcher can be seriously abused to the point of rendering firewalls, and all one-time authentication systems worthless (including smartcards, challenge/response schemes, pre-arranged password sequences, default unencrypted kerberos, etc).

For a description of Watcher, as well as a screenshot and a discussion of the features (both defensive and offensive) Watcher offers, take a look at:

http://www.c3.lanl.gov/~mcn/watcher.html

NOTE: Watcher has NOTHING to do with LANL.GOV! If you have questions or complaints, come to me and my company.

Watcher is not yet available commercially. We haven't decided what to do with it yet (commercial or free?). Until now, we've been using it primarily for our penetration testing and network security consulting for our clients.

I'm only making this announcement because the existence and availability of such technology needs to be considered. In addition, since I put up the page yesterday (and made NO announcements), over 60 people have accessed it (out of the usual 2 or 3 who access my home page daily). In order to prevent confusion, I thought I would announce this publicly.

A paper on the Watcher is being submitted to the Computer Security Applications Conference (CFP is due in 2 days). I will be putting a copy of this paper up as soon as possible (assuming CSAC has no objections).

Feel free to contact us if you have any questions or comments.

-Mike

--
Mike Neuman (mcn () EnGarde com) - EN GARDE SYSTEMS - Computer Security Consulting
http://www.c3.lanl.gov/~mcn - http://www.cec.wustl.edu/~dmm2/egs/egs.html
===============================================================================
"Most of these should be 'void', but the people who defined the STREAMS data structures for S[ystem] 5 didn't understand data types." - Solaris source