Slashdot Mirror
Are There Risks in Sharing Firewall Logs?
FireballDWF asks: "What are the risks in sharing my personal Firewall logs with others? I ask as helping to put a stop to detect and stop attacks at their source by becoming an agent for MyNetWatchman sounds easy and appealing, but I am concerned about the possible risks." The MyNetWatchman service is designed to take a pro-active approach to network security. A network agent sits on a users firewall and forwards log entries to a central server that analyzes the data and warns the user if suspicious activity occurs. Sounds like a good plan, but what dangers (if any) will the users of this service be exposing themselves to by providing such access to their machines, even if they are just log files?
- Visions says, among other things:
With TCP and UDP alone there are over 125,000 possible ports that attackers could target.. Uhm, yeah. Portunmbers are 16 bit. So there's 65536 possible ports, times 2 if you count tcp and udp. I'm not so sure why this is relevant to anything though.
- Their link to closed incidents Gives a: Microsoft OLE DB Provider for ODBC Drivers
(0x80040E31)
[Microsoft][ODBC SQL Server Driver Not very comforting.
- Their domain name is really really dumb.
:)
- They claim 1200 active agents, and 87K reported incidents the last 24 hours. This is a really high level, and thus means the agent has to report back home every little detail that happens.
On the flipside, they do have a privacy-policy clearly visible on their homepages, and they do support agents under many different OSes. So who knows, maybe they're actually clueful and just manage to come off as clueless.