Current Release: 0.5.1

Frequently Asked Questions


Below are the Most Frequently Asked Questions (FAQ) for Shadow Watcher:

General Questions

1.1 What does Shadow Watcher do exactly?
1.2 Why a peer-to-peer log sharing program? Why not a web/host based one?
1.3 Why should I use this program? It seems like a risk to share this information.
1.4 But I don't want people to know who is attacking my site.
1.5 Can't the bad guys use it to attack me?
1.6 What about those other log analysis programs/websites?
1.7 I am still not convinced. Is there any way to share logs without using the program?

Technical Questions

2.1 How does the program work exactly?

Programming Questions

3.1 Why did you code Shadow Watcher in Python?
3.2 Why not Java?
3.3 But Perl kicks ass, why not code in Perl?

Answers  

General Answers:

1.1 What does Shadow Watcher do exactly?

Shadow Watcher is a peer-to-peer log sharing tool for the security analyst. In other words, Shadow Watcher lets you share your log files with other people on the Internet while at the same time giving you access to their log files.

The information obtained through Shadow Watcher can then be used to help you and other people tailor their intrusion detection programs and firewalls to better meet the threats which are present on the Internet.

1.2 Why a peer-to-peer log sharing program? Why not a web/host based one?

The main reason I chose to write a peer-to-peer log sharing program was the problems inherent in a server program. In the event of a large-scale attack, a smart intruder could launch a denial-of-service attack against the server, rendering the entire concept behind the program useless. A peer-to-peer program is much harder to take down, so someone can still recognize the widescale attack. In addition, the load of finding matches to search criteria is distributed, so abundant hardware resources are not required.

1.3 Why should I use this program? It seems like a risk to share this information.

This program is not really a big risk or security hazard when you think about it. All this program does is tell other people who has been knocking on your doors, not whether they were successful. In addition, the program obscures your host address, leaving only the attacking address in the returned results.

The best analogy for this program is a "neighborhood watch": everyone shares information about the people who are poking around on their site, and the entire community benefits.

1.4 But I don't want people to know who is attacking my site.

Neither do I; that is why there is a built-in part of the software which obscures your host address, leaving only the attacking address. Soon, in addition to obscuring the host address, the data will be encrypted, giving the data more protection while in transit.

1.5 Can't the bad guys use it to attack me?

Theoretically, yes, they could, but the time and effort they would have to spend to figure out who the returned information actually belongs to would not be worth it. In a sense it would be easier for them to avoid the sites which have the program running, since such a site is obviously monitored and secure.
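The sanitizing step that answers 1.3 to 1.5 rests on is easy to picture in code. The following is an added example written for this page, not Shadow Watcher's own source: it strips the sharing host's own addresses and the firewall verdict from each log line, keeps only who knocked, on which port and when, and refuses to hand out a record in which one of our own addresses survives. The iptables-style syslog format, the 198.51.100.0/24 "own" network, the remote addresses in the sample lines and the fixed-width timestamp prefix are all constructed assumptions, since the page does not document the real input format.

```python
"""Illustrative sanitizer for shared logs (example code, not Shadow Watcher's).

Before a record leaves the machine, every address belonging to the sharing host
is stripped out, so a peer learns only who knocked, which port they knocked on
and when, not which host was hit or whether the attempt got anywhere.
"""
import ipaddress
import re
from collections import Counter
from typing import Optional

# Constructed sample lines in an iptables-style syslog format (an assumption;
# the page does not document Shadow Watcher's real input format).
SAMPLE_LOG = """\
Jan 14 02:11:07 gw kernel: DROP IN=eth0 SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=4412 DPT=22
Jan 14 02:11:09 gw kernel: DROP IN=eth0 SRC=203.0.113.45 DST=198.51.100.11 PROTO=TCP SPT=4413 DPT=23
Jan 14 02:12:30 gw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=1434
Jan 14 02:13:01 gw kernel: ACCEPT IN=eth0 SRC=198.51.100.10 DST=198.51.100.11 PROTO=TCP SPT=50000 DPT=80
"""

# The sharing host's own address space (constructed). Anything inside it is
# "us" and must never be shared; anything outside it is a remote party.
OWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

# KEY=value pairs as written by the netfilter logger.
KV = re.compile(r"\b([A-Z]+)=(\S+)")


def is_own(addr: str) -> bool:
    """True if addr belongs to one of the sharing host's own networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # not an IP address at all (interface name, port, ...)
        return False
    return any(ip in net for net in OWN_NETWORKS)


def sanitize_line(line: str) -> Optional[dict]:
    """Turn one raw log line into a shareable record, or None.

    Lines whose SRC is one of our own hosts describe internal traffic rather
    than someone knocking from outside, so they are dropped.  For the rest,
    only the timestamp, remote address, protocol and destination port are
    kept: the DST field (our address) and the firewall verdict (whether the
    packet got through) are deliberately left out.
    """
    fields = dict(KV.findall(line))
    src = fields.get("SRC")
    if src is None or is_own(src):
        return None
    return {
        "time": line[:15],  # syslog "Mon DD HH:MM:SS" prefix (assumed layout)
        "src": src,
        "proto": fields.get("PROTO"),
        "dport": fields.get("DPT"),
    }


def shareable_records(log_text: str) -> list:
    """Sanitize a whole log; refuse to return anything that still names us."""
    records = [r for r in map(sanitize_line, log_text.splitlines()) if r]
    # Belt and braces: an own address must not survive in any field.
    for rec in records:
        for value in rec.values():
            if is_own(str(value)):
                raise ValueError(f"own address leaked into shared record: {rec}")
    return records


def matches(records: list, attacker: str) -> list:
    """What a peer would answer to the query 'has this address knocked on you?'"""
    return [r for r in records if r["src"] == attacker]


def knocking_summary(records: list) -> Counter:
    """How often each remote address has knocked: the 'neighborhood watch' view."""
    return Counter(r["src"] for r in records)


if __name__ == "__main__":
    recs = shareable_records(SAMPLE_LOG)
    for rec in recs:
        print(rec)
    print(knocking_summary(recs))
```

Running the module prints three records (the fourth sample line is internal traffic and is dropped) and a count per remote address; none of the output mentions 198.51.100.x, which is exactly the property a peer-sharing design has to guarantee before anything is sent.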

1.6 What about those other log analysis programs/websites?

Those websites/programs fall victim to the very problem discussed in answer 1.2.

1.7 I am still not convinced. Is there any way to share logs without using the program?

Eventually I will be adding nodes which will allow you to upload your data to them. However, this is far in the future and should not be considered unless you're very paranoid, since it defeats the whole idea of a distributed program.

Technical Answers:

Programming Answers:

3.1 Why did you code Shadow Watcher in Python?

There were many reasons I chose Python over any other programming language out there. The main reason was the ease of programming: Python's syntax and intuitiveness lend themselves to programming quickly. Secondly, Python is fast; while not as fast as C, it is certainly faster than most other languages out there, especially when it comes to parsing text, and it is multi-platform without the problems of Java (see next answer).


3.2 Why not Java?

I am no fan of Java, since I find it slow and hard to use. Granted, it is a step up from C++, but the idea that it is truly write once, run anywhere does not stand up to its billing. This is especially true on Linux, where Sun's support for Linux is abysmal and Java runs very much slower than on other OSs. In addition, Java is not Open Source, which as a Linux zealot makes it hard for me to program in without feeling dirty.
I recommend reading the article entitled "Java: Slow, ugly and irrelevant" by Simson Garfinkel, which summarizes many of the reasons Java is not everything it is cracked up to be.


3.3 But Perl kicks ass, why not code in Perl?

Perl is a very good language, and has been called "the glue that holds the Internet together." However, the ability to debug and maintain code in Perl is horrible. It is great for one-time, quick programs but not very good at all for building maintainable code. That is the reason why I did not choose Perl.

 


