Check Host

Monitor your transition to IPv6 with WatchMouse (2009-10-14)

You've heard it before, and it's being announced more frequently and louder: The number of available addresses on the Internet is running out, and we all should move to the new addressing scheme, IPv6, as soon as possible. The uptake has been rather slow in the past, but that seems to be changing now as companies, ISPs, and other organizations are taking their first steps on the road to the IPv6 world. For most of these companies, however, this is quite a big step, with many things to consider and many uncertainties.

External IPv6 monitoring

As of today, WatchMouse offers IPv6 monitoring for web sites and other external services of your company. The monitoring network will, just like visitors of your website that happen to be on an IPv6 connected network, connect to your site when an IPv6 record is available in the DNS of your domain.

Check your IPv6 connectivity right now? Just visit our Check Host tool or the Ping tool. And while you're at it, set up a rule in your account to monitor your site continuously from our world wide monitoring network.

Many changes

To fully enable IPv6 monitoring, we have upgraded several components of our infrastructure:

• Our worldwide monitoring infrastructure, including the monitoring software
• The backend systems, including our databases and the WatchMouse API (see a post on this on WatchMouse Labs).
• The configuration portal (settings), where you can now specify whether or not to monitor over IPv6, if possible.
• The free tools on our site: check host and ping.

By offering IPv6 standard in all packages (including the free package and the 30-day trial) and in the tools on our site, we hope to facilitate a smoother transition to IPv6 in your organization.

Is your company interested in IPv6? Then do keep an eye on our IPv6 posts on WatchMouse labs.

LB Icon chooses WatchMouse for independent website monitoring (2005-01-31)

Customer websites verified from the visitors' perspective

LB Icon and WatchMouse have signed a contract for the continuous monitoring of the websites and services of LB Icons' customers. Using the WatchMouse services, LB Icon expects to raise its service level even higher.

The Application Management & Hosting Services (AM&HS) group of LB Icon maintains the administration and management of servers and applications of a large number of (international) clients. This makes AM&HS responsible for the performance and availability of the websites and Internet applications.

Using the WatchMouse services, AM&HS will instantly be aware of upcoming and/or acute incidents related to the websites of its clients, and can, as a result, resolve problems in a short time frame.
The websites and their functionality are checked for accessibility, speed and conformance from different locations around the world. Because the websites are checked in the same way that visitors are experiencing them, incidents will be detected at an early stage. Also, using WatchMouse's objective periodical reports, it is possible to see if the performance is in accordance with the agreed service levels (SLAs).

Eveline Aendekerk, MD a.i.: "The door of a shop should never be jammed, websites and the functionality on those sites should simply be accessible and available. Our clients should be able to rely on this completely, so they can focus on their primary business processes, such as communication, interaction and sales.
We chose WatchMouse because of their expertise, and also because of the simplicity and user-friendliness of their system and services".

Stan P. van de Burgt, one of the founders of WatchMouse: "I find it a powerful gesture that LB Icon doesn't just monitor the websites of their clients, but that they selected an external party for this, and on top of that give their clients access to the results. Many companies where the website plays an essential role in business, don't have any awareness of this. They have no idea of the risks and the resulting damage, until the day comes that things actually go wrong"

About Lost Boys

For 11 years Lost Boys has been a major service provider in the area of (mobile) Internet. Lost Boys offers a combination of strategy, design, technical development, implementation, application management and hosting of Internet- and mobile solutions. The Amsterdam based corporation is part of the Lost Boys/IconMedialab Group and is listed on the Stockholm Stock Exchange and Euronext Amsterdam. Lost Boys operates with 600 employees in 7 countries, both in Europe and the United States.

http://www.lostboys.nl/
http://iconmedialab.com/

About WatchMouse

WatchMouse is a service of RoundZero. Since 2001, WatchMouse has been checking Internet sites and e-commerce applications of major companies all over the world. The WatchMouse services are available in 8 languages and analysis is performed through its worldwide monitoring network at different locations and networks. WatchMouse has thousands of users in more than 70 countries.

http://www.watchmouse.com/

WatchMouse develops monitoring widget for Apple users (download widget) (2005-10-21)

WatchMouse has developed a new widget for dashboard, aimed at Internet site monitoring.

NETHERLANDS, 2005-10-13. By means of the widget Apple users can get direct insight into the accessibility of their own Internet site. The widget can be downloaded for free from the Apple website. Last month, WatchMouse was voted a Deloitte Rising Star in the Netherlands, as part of the Fast 50 awards; the list of the 50 fastest growing technology companies.

In 2002, WatchMouse (www.watchmouse.com) introduced a new concept for Internet site monitoring. By means of ongoing simulations of Internet traffic the accessibility of sites and servers is checked. If a site is not responding, an alert message is sent immediately through SMS, telephone, Instant Messenger or e-mail. The sites are checked from sixteen monitoring stations worldwide. This is done 24 hours per day, seven days per week. The service is completely web based: customers don't have to install software, everything is 100% self-service, which keeps the costs low.

The three founders of WatchMouse, Niels Eijsbroek, Stan van de Burgt and Mark Pors are enormous Mac-fans with a total of fifteen Macs in their possession. The monitoring widget is quite unique: it is a combination of a desktop and a hosted application. When the widgets detects a problem with the site it is checking, it alerts the user with a 'beep', followed by the launch of a web browser, which is directed to a web application on watchmouse.com. There the site is checked from 16 different locations worldwide.

Every five minutes

Every five minutes the dashboard widget checks one or more sites from the users own computer. Also, the availability of the site during the last 72 hours is registered. A problem is followed by an alert, which is then verified by all WatchMouse control stations.

WatchMouse has made the widget available free of charge "because we have become addicted to it, ever since we started using the first beta version of the widget", says CCO Niels Eijsbroek. "We give the widget away for free mainly for the fun part. And of course it's also important to bring site monitoring to the attention of our fellow Apple-users."

The free WatchMouse site monitoring widget can be downloaded from the Apple website:

http://www.apple.com/downloads/dashboard/networking_security/watchmousesitemonitor.html

About WatchMouse

Companies can easily monitor their own Internet sites using WatchMouse's monitoring service. WatchMouse has been monitoring Internet sites and e-commerce applications for companies throughout the world since 2002. WatchMouse has thousands of customers in more than 70 countries. The services supplied by WatchMouse are available in eight languages, and analysis are performed from various locations and over numerous networks, using a world-wide monitoring network.

Further information can be found at: www.watchmouse.com

WatchMouse and Domeny.pl join forces in the Polish market (2005-11-24)

Polish websites verified from the visitors' perspective

Kraków, Poland, 2005-11-08 -- WatchMouse and Domeny signed a reseller and marketing agreement today, joining forces in bringing site monitoring services to the Polish market.

Using the WatchMouse services, companies will instantly be aware of upcoming and/or acute incidents related to its web sites of their clients, and can, as a result, resolve problems in a short time frame.

The websites and their functionality are checked for availability, speed, and conformance from different locations around the world, now including Poland. Because the websites are checked in the same way that visitors are experiencing them, incidents will be detected at an early stage. Also, using WatchMouse's objective periodical reports, it is possible for companies to see if the performance is in accordance with the agreed service levels (SLAs).

WatchMouse extends its network of monitoring stations with a checkpoint in Kraków, hosted by Domeny.pl. The total number of checkpoints is now 17. Domeny.pl also provides the Polish language version of the WatchMouse site and local customer care.

Stan P. van de Burgt, CEO of WatchMouse: "I'm very happy with this deal. The Polish e-service industry is obviously booming, and this results in higher awareness of the issues involved with running web applications that should be available around the clock."

Arkadiusz Szczurowski, CEO of Domeny.pl "We know that WatchMouse products are one of the best in the World. So we decided to co-operate with the company, and we take pride in it. We expect this co-operation to bring both WatchMouse and our business a lot of advantages and satisfaction. Domeny.pl wants to lead WatchMouse monitoring service on Polish market and offer it for business leaders. This will be a great innovation in Poland and also success. In our view, site monitoring is important, because stability, performance, and high availability of the web sites is one of the basic value in all branches of business, both e-business and other business."

"There are about 4 million companies in Poland. We want to direct the offer to the most important on Polish market. We think that the WatchMouse service is a must-have for about 5-10 percent of all business owners."

About Domeny.pl

Domeny.pl was founded in 1997 and is now providing Internet services to about 10.000 business customers with products ranging from Internet domains and hosting services (virtual and dedicated servers), SSL certificates and other products dealing with internet security. The company's slogan is: We're Trusted by the Best. Among its clients are the biggest and the best known Polish and international companies.

About WatchMouse

Companies can easily monitor their own Internet sites using WatchMouse's monitoring service. WatchMouse has been monitoring Internet sites and e-commerce applications for companies throughout the world since 2002. WatchMouse has thousands of customers in more than 70 countries. The services supplied by WatchMouse are available in nine languages, and analyses are performed from various locations and over numerous networks, using a world-wide monitoring network.

In October 2005, WatchMouse was voted a Deloitte Rising Star in the Netherlands, as part of the Fast 50 awards the list of the 50 fastest growing technology companies.

WatchMouse releases new Site Performance Monitoring Widget for Apple users (download widget) (2006-10-22)

WatchMouse releases 2.0 widget for dashboard, aimed at Internet site performance monitoring.

NETHERLANDS, 2006-10-23. By means of the widget Apple users can get direct insight into the performance of their own Internet site. The widget can be downloaded for free from the Apple website.

In 2002, WatchMouse (www.watchmouse.com) introduced a new concept for Internet site monitoring. By means of ongoing simulation of Internet visitors the performance of sites and servers is verified. If a site is not responding, an alert message is sent immediately through SMS, pager, Instant Messenger or e-mail. The sites are checked from over twenty monitoring stations worldwide. This is done 24 hours per day, seven days per week. The service is completely web based: customers don't have to install software, everything is 100% self-service, which keeps the costs low.

The three founders of WatchMouse, Niels Eijsbroek, Stan van de Burgt and Mark Pors are enormous Mac-fans with a total of twenty Macs in their possession. The monitoring widget is quite unique: it is a combination of a desktop and a hosted application. When the widgets detects a problem with the site it is checking, it alerts the user with a 'beep', followed by the launch of a web browser, which is directed to a web application on watchmouse.com. There the site is checked from over 20 different locations worldwide.

Worldwide monitoring

The new version (2.0.4) brings continuous performance monitoring, even when the Mac is not connected to the Internet, by connecting the widget to a WatchMouse account (free or paid). In October 2005, WatchMouse released the first version of this widget, which was downloaded over 10.000 times.

WatchMouse has made the widget available free of charge "because we have become addicted to it, ever since we started using the first beta version of the widget", says creative director Niels Eijsbroek. "We give the widget away for free mainly for the fun part. And of course it's also important to bring site performance monitoring to the attention of our fellow Apple-users."

The free WatchMouse site monitoring widget can be downloaded from the Apple website:

http://www.apple.com/downloads/dashboard/networking_security/watchmousesitemonitor.html

About WatchMouse

Companies can easily monitor their own Internet sites using WatchMouse's monitoring service. WatchMouse has been monitoring Internet sites and e-commerce applications for companies throughout the world since 2002. WatchMouse has thousands of customers in more than 70 countries. The services supplied by WatchMouse are available in nine languages, and analysis are performed from various locations and over numerous networks, using a world-wide monitoring network.

In 2005, WatchMouse was voted a Deloitte Rising Star in the Netherlands, as part of the Fast 50 awards; the list of the 50 fastest growing technology companies.

Further information can be found at: www.watchmouse.com

WatchMouse Launches API-status.com (2010-01-20)

New Site Monitors and Measures Uptime of 26 Popular API and Cloud Services Websites; Report Reveals Amazon, Google and Yahoo Among the Best and Vimeo, foursquare and Yammer Among the Worst Performers

WatchMouse, a global industry leader in self-service website and application performance monitoring, announced the launch today of API-status.com, a new dedicated website for monitoring and measuring the real time availability and performance of the public APIs of 26 heavily trafficked, popular “cloud computing” mega web services including: Google Search, Google Maps, Bing, Facebook, Twitter, SalesForce, YouTube, Amazon, eBay, PayPal, Wikipedia and others.

API-status.com does a call and check for a valid result on each of the APIs, and if the result is wrong or is received after four seconds, it is noted as an error and unavailable. The percentage of availability or uptime is based on the number of errors reported; details on API-status.com include a seven-day history along with a 24-hour glance and performance indication by country.

"Nearly all websites nowadays include information from outside sources such as maps or social media feeds. It impacts millions of websites worldwide if these services and systems are slow or down and can invoke a global domino effect of breakages and slowness," states Mark Pors, CTO and co-founder of WatchMouse. "The four-second limit on the response time may seem strict, but it is actually a long time, especially when the (mash-up) sites need to do multiple API calls to present a complete page to the visitor."

According to a recent report produced by Forrester Research and Akamai, two seconds was revealed as the new threshold of acceptability for e-commerce web page response times.

30-Day Report Card and Methodology

WatchMouse monitored the availability of 26 API/cloud web services during the period of December 16, 2009 to January 16, 2010. The results found that Yammer API had the lowest availability with 96.06 percent uptime and Amazon, Google Maps, Google Search, last.fm, and Yahoo Maps with the highest availability with 100 percent uptime. In accordance with industry standards, availability of greater than or equal to 99.9 percent is regarded as "good" while anything below 99 percent is regarded as "poor" site uptime. The methodology for testing the sites includes one simple API call and check for a valid result. This typically means an authentication action for most APIs, including a login, followed by a search or listing action, plus a check of the expected result action. The expected result can immediately return as an error or if the expected result action is reported after four seconds, it is also logged as an error. These errors are used to create the percentage of availability or uptime for each of the sites. Each site is checked in real time using the WatchMouse Public Status Pages tool, which can be used to measure and report the availability of any public website. Companies use the tool, which is hosted on the Amazon platform to inform customers and report publicly on the status of their services.

Click here to read the full report of all 26 website services uptime or visit www.API-status.com for real time status and statistical data on each website.

About APIs

An application programming interface (API) is a set of data structures, protocols, routines and tools for accessing a web-based software application. The practice of publishing APIs allows web communities to create an open architecture for sharing content and data between communities and applications. Content that is created in one place can then be dynamically retreived, posted and/or updated in multiple locations on the Web.

About WatchMouse

Founded in 2002, WatchMouse is a global industry leader in self-service website and application performance monitoring. WatchMouse product tests the behavior and availability of websites, services and applications utilizing an infrastructure that includes 42 worldwide remote monitoring stations in 26 countries. Advanced remote monitoring helps eliminate website downtime, allows issues to be identified and resolved quickly and guarantees peace of mind that your website has been thoroughly and externally tested from the user’s perspective. WatchMouse’s web-based products are easily deployed and offer many features including: extensive reporting tools, root cause analysis, automated email and text/SMS alerts. WatchMouse supports Philips, ING, VeriSign and other leading global companies who depend on WatchMouse to provide independent confirmation of both in-house and suppliers’ website performance. WatchMouse is a privately held company headquartered in Utrecht, The Netherlands. Learn more at http://www.watchmouse.com.

What do you want to check with a service such as Watchmouse? (2005-01-31)

As I explained in my previous column, you can use a monitoring service in a number of roles. Common to all these roles is the fact that you are keeping alive some services for the benefit of your customers, suppliers, employees or partners. These users are, in the end, all that counts.

What are the objects that you should be checking? Obviously, the least you want to do is check the service that is most visible to these users. This could be the webserver, or a POP or FTP server for example. You would start by setting up a rule to check the server and a URL. The frequency with which you can monitor (that is: the elapsed time between checks) is typically limited by the type of subscription that you have. Only in specific cases would you not check as often as your subscription allows.

Note that there is a difference between a CONNECT on port 80 rule and a HTTP rule. The first just connects to the port that the webserver is supposed to use. The HTTP rule also checks whether the webserver can produce a valid HTTP response, and whether the document can be found. You probably want the latter check.
Similar reasoning applies to POP and FTP checks. If you set up two different rules on the same host, this allows you to distinguish for example between a broken webserver and a host that is down. If you want even more content oriented checks, have a look at the so-called PLUG-IN rules. Additionally, you can set up checks to make sure that your users are actually using the services that you intend them to. The whole Internet depends heavily on the domain name system(DNS) functioning correctly. If it does not work properly your users may be directed to another site than you intended. This could be a configuration error, but it could also be a defamation hack. In either case, you want to know.
First of all you want to check whether the root servers of the Internet accurately find the DNS that is serving you. This can be checked with a DNSNS rule. What you are checking with this rule is whether the registrar's databases are correct. Second, you want to check if that DNS server (and its slaves) are serving up the proper IP address for the server. For this you can use the DNSA rule, and it will warn you if the DNS server is not working or serves up the wrong address. (Note that the hosting party can change that address at its discretion, as part of a renumbering operation for example.)

Who should you notify of rule failures? Again, different roles have different information requirements. You want to notify the person who can fix things as soon as possible. Mail or SMS/text them directly, you do not want to be in the loop. You might set up an escalation chain, which fires off after a certain amount of errors. Note: make sure that you send the message on a channel that is not affected by the outage: if your e-mail system does not work, delivering a message to that effect should not depend on that e-mail system.
The people in charge of overseeing somebody else's service levels should only get escalation messages, if at all. Rather, they should get the weekly or monthly service reports.

Peter van Eijk is a management consultant specialized in management of network infrastructures. He can be reached via his contact page.

Why do you need a monitoring service such as Watchmouse? (2005-01-31)

There are a number of reasons for this, depending on your role in your organization, and what you want to achieve. Each of these roles leads to a different approach for using and setting up the service.

Most likely you are either responsible for keeping a service such as a website online, or you have contracted somebody else to do that for you. Additionally, you could be a consultant or technical architect who wants to get an insight in performance and uptime characteristics of various solutions and services.

If your role is to keep things running, you really want to be notified of problems as soon as possible, before your customers or supervisors notice. You want appropriate error messages and not too many false alarms. As you configure Watchmouse you probably want to have a quick alert by e-mail or SMS/text message when things don't work and have additional diagnostic information available. In this way, downtime can be kept to a minimum. It is not only the quality of the systems that counts, but also the speed with which you can fix problems.

Your role could also be in overseeing your service providers, whether they are internal or outsourced. In that case, you don't want to be interrupted by these messages, unless the situation becomes dramatic. Instead you would like to look at the weekly report, and see if your service providers are living up to their promises. On the Internet it is easy to get 99% uptime, and you should really be doing better than that. The services that regularly fail to make this grade need attention, to see if another approach to provisioning them works better.

If you are considering technical alternatives for the way you are setting up your e-business, you are most likely interested in typical failure modes. For example, we know from experience that most website problems are software problems, followed by sizing problems. Communications problems are fairly rare, and if they occur they take the form of peering problems: websites cannot be reached from specific networks, even if all networks are operational. One approach using Watchmouse reports is to check various aspects with different rules. Use one rule to download the homepage, another to check the DNS and a third to check connectivity to the hosting centre. In a next column I'll go into the details of this.

Peter van Eijk is a management consultant specialized in management of network infrastructures. He can be reached via his contact page.

D-Link DWL-G132 ASAGU.SYS Wireless Device Driver Stack Buffer Overflow Vulnerability (2007-01-15)

The D-Link Wireless Device Driver for DWL-G132 devices is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

The ASAGU.SYS driver is primarily used on the Microsoft Window operating system. Note, however, that Linux and BSD machines using the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver.

Note also that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections.

Version 1.0.1.41 of the ASAGU.SYS driver is reported vulnerable; other versions may also be affected.

NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability (2007-01-15)

NetGear WG111v2 Wireless device is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

The WG111v2.SYS driver is primarily used on the Microsoft Window operating system. Note, however, that Linux and BSD machines using the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver.

Note also that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections.

Version 5.1213.6.316 of the WG111v2.SYS driver is vulnerable to this issue; Other versions may also be affected

Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability (2007-04-04)

Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

kamind servers run on the master Kerberos server, since the master server holds the KDC principal and policy database, this will not only compromise the affected computer but it could compromise multiple hosts that uses the server for authentication.

Versions 1.6 and prior are vulnerable.

D-Link DWL-G650 TIM Information Element Wireless Driver Beacon Buffer Overflow Vulnerability (2007-06-13)

The D-Link Wireless Device Driver for DWL-G650 devices is prone to a buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue potentially allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

D-Link DWL-G650 6.0.0.18 (Rev. A1) is reported vulnerable; other versions may also be affected.

MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability (2007-06-27)

Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected RPC library.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6.1and prior versions are vulnerable.

MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability (2007-06-27)

Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6.1, kadmind 1.5.3 and prior versions are vulnerable.

MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability (2007-09-06)

Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.4 through 1.6.2 are vulnerable; third party applications using the affected RPC library are also affected.

CISCO IOS LPD Remote Buffer Overflow Vulnerability (2007-10-11)

Cisco IOS is prone to a remote buffer-overflow vulnerability in its LPD service because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the affected component. Attackers could also restart the device, resulting in denial-of-service conditions.

To exploit this issue, an attacker must be able to change the hostname of affected routers. SNMP write access may allow attackers to change the router's hostname.

Versions prior to Cisco IOS 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 are vulnerable.

This issue is being tracked by Cisco bug ID CSCsj86725.

Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability (2007-11-15)

Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: this issue only occurs when Samba is configured with the 'wins support' option enabled in the host's 'smb.conf' file.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

Samba versions 3.0.0 through 3.0.26a are vulnerable.

Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability (2008-01-04)

Symantec Norton Ghost is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Symantec Ghost 12.0; other versions may also be affected.

WatchMouse: Recently added scans (2008-02-29)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-02-28 - Hosting Controller Authentication Bypass Vulnerability (High)
• 2008-02-28 - Nukedit email Parameter SQL Injection Vulnerability (High)
• 2008-02-28 - Mozilla Thunderbird < 2.0.0.12 (High)

WatchMouse: Recently added scans (2008-05-07)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-05-06 - PHP < 5.2.6 Multiple Vulnerabilities (High)
• 2008-05-06 - ActualAnalyzer Lite style Parameter File Include Vulnerability (Medium)
• 2008-05-06 - Sun Java System Directory Proxy Server Unauthorized Access Vulnerability (Medium)
• 2008-05-06 - Cisco Security Agent Buffer Overflow Vulnerability (Critical)
• 2008-05-06 - Webhosting Component catid Parameter SQL Injection Vulnerability (High)

Linux Kernel '/include/xen/blkif.h' 32-on-64 Support Denial Of Service Vulnerability (2008-05-08)

The Linux kernel is prone to a denial-of-service vulnerability because the software fails to perform sanity checks when handling values when running 32-bit paravirtualized guests on a 64-bit host.

Local, privileged attackers can leverage the issue to crash the kernel and deny service to legitimate users.

WatchMouse: Recently added scans (2008-05-17)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-05-16 - Firebird Default Credentials (High)
• 2008-05-16 - Django Administration Application Cross-Site Scripting Vulnerability (Medium)
• 2008-05-16 - Remote host has weak Debian OpenSSH Keys in ~/.ssh/authorized_keys (Critical)
• 2008-05-16 - Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (SSL check) (Critical)
• 2008-05-16 - DatsoGallery Component User-Agent Header SQL Injection Vulnerability (High)
• 2008-05-16 - Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (Critical)
• 2008-05-16 - Firebird SYSDBA Unauthorized Authentication Vulnerability (High)

WatchMouse: Recently added scans (2008-10-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-10-15 - Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) (Critical)
• 2008-10-15 - Cumulative Security Update for Internet Explorer (956390) (High)
• 2008-10-15 - Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) (Critical)
• 2008-10-15 - GForge offset parameter SQL Injection Vulnerability (High)
• 2008-10-15 - ASG-Sentry fcheck.exe File Overwrite Vulnerability (High)
• 2008-10-15 - Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) (High)
• 2008-10-15 - Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) (High)

WatchMouse: Recently added scans (2008-12-03)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-12-02 - Samba 3.0.29 - 3.2.4 Potential Memory Disclosure (Medium)
• 2008-12-02 - CMS Made Simple admin/login.php cms_language Cookie Local File Include (Medium)
• 2008-12-02 - WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS (Medium)

Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability (2009-04-03)

Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

Versions prior to Ghostscript 8.64 are affected.

Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability (2009-04-10)

Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Ghostscript 8.64 is vulnerable; other versions may also be affected.

Progress Database Multiple Buffer Overflow Vulnerability (2009-07-12)

Progress is a commercial database for Microsoft Windows and Unix systems.

Locally exploitable buffer overflows are prevalent throughout many Progress Database programs. This is largely due to insufficient bounds checking of data which is externally supplied to strcpy functions.

These problems could be exploited to allow a local attacker to execute arbitrary code on a host with the privileges of each individual affected program.

This situation could be leveraged by the attacker to gain root privileges on the host.

Symantec Norton Antivirus LiveUpdate Host Verification Vulnerability (2009-07-12)

Symantec's Norton Antivirus contains a feature called LiveUpdate. LiveUpdate is a process that checks for new virus definitions over the internet, downloads and installs them from a Symantec site. This process can either be scheduled or performed manually.

A flaw exists in Symantec's implementation of Norton Antivirus LiveUpdate, which fails to use Cryptography (Digital Signatures, Public Keys or Certificates) when performing LiveUpdates on a user's system. Therefore, it is possible for a remote host to send illicit LiveUpdates to an unknowing user.

Check Point FW-1 SecuClient/SecuRemote Client Design Vulnerability (2009-07-12)

Check Point Firewall-1 is a popular firewall package available from Checkpoint Software Technologies. SecuClient/SecuRemote are VPN-1 implementations for Check Point Firewall-1 products.

It is possible to configure a timeout value for cached user credentials. This value is stored on client systems and can be modified by users of client systems. If security policy includes a time limit on cached credentials, malicious authenticated users may bypass the policy by modifying the value.

Depending on the operating system of the client host, local administrative privileges on the client host may be required to modify the configuration file.

In addition to the timeout values, other sensitive information is reportedly stored on client systems. Further details are not known at this time.

WatchMouse: Recently added scans (2009-08-21)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-08-20 - Citrix License Server Licensing Management Console Unspecified Issue (Critical)
• 2009-08-20 - CA Host-Based Intrusion Prevention System Client kmxIds.sys Denial of Service (CA20090818) (High)
• 2009-08-20 - SAP SAPgui SAPIrRfc ActiveX (sapirrfc.dll) Accept Function Overflow (High)
• 2009-08-20 - Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption (High)
• 2009-08-20 - Subversion Client/Server Multiple Buffer Overflows (High)
• 2009-08-20 - SAP SAPgui MDrmSap ActiveX (mdrmsap.dll) Buffer Overflow (High)
• 2009-08-20 - Citrix Password Manager Agent Secondary Credentials Information Disclosure (Medium)

MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability (2009-11-27)

Windows Index Server ships with Windows NT 4.0 Option Pack and Windows Indexing Service ships with Windows 2000. An unchecked buffer exists in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow the execution of arbitrary code on the host in the Local System context.

It should be noted that Index Server and Indexing Service do not need to be running in order for an attacker to exploit this issue. 'idq.dll' is installed by default when IIS is installed, subsequently IIS would need to be the only service running.

It should be noted that this vulnerability is currently being exploited by the 'Code Red' worm. In addition, all products that run affected versions of Microsoft IIS are subject to this issue. Please see the reference section for further information regarding this worm.

**UPDATE**: It is believed that an aggressive worm may be in the wild that actively exploits this vulnerability.

WatchMouse: Recently added scans (2009-12-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-12-15 - HP OpenView Network Node Manager Multiple Scripts hostname Parameter Remote Command Execution (Critical)
• 2009-12-15 - phpShop Default Credentials (High)
• 2009-12-15 - Kiwi Syslog Server Web Access Login Username Enumeration (Medium)
• 2009-12-15 - ntpd Mode 7 Error Response Packet Loop DoS (Medium)
• 2009-12-15 - CGI Generic SQL Injection (blind, time based) (High)
• 2009-12-15 - phpShop shop/flypage SQL Injection (Medium)

WatchMouse: Recently added scans (2010-01-01)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-12-31 - Netbiter Config NetbiterConfig.exe Device Hostname Remote Overflow (High)
• 2009-12-31 - Sun Java System Directory Proxy Server 6.x < 6.3.1.1 Multiple Vulnerabilities. (Medium)

Ghostscript 'errprintf()' Function PDF Handling Remote Buffer Overflow Vulnerability (2010-02-13)

Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. A successful exploit may facilitate the compromise of the affected computer.

Ghostscript 8.64 and 8.70 are affected; other versions may be vulnerable as well.

Ping from all our monitoring stations (2005-12-09)

You can now use our improved ping tool to ping your server from each of our monitoring stations.

In case ping requests are blocked by your firewall or server, you can use the host check tool alternatively.

WatchMouse 1.4.26 API deployed (2008-02-24)

Today, a minor release of the WatchMouse 1.4 API was deployed on http://api.watchmouse.com/1.4/. The current version is now 1.4.26. The changes are backward compatible with the previous version.

Changes w.r.t. 1.4.25

• self-documenting calls, add ?doc after the call, no other parameters and the parameter specification is shown (try and click the URL above!)
• new parameter 'acct' (account) on all rule, contact, and folder calls so
  1. resellers and other accounts with sub accounts can login with their own credentials and then access the sub-account
  2. accounts with read access rights to other accounts can access these accounts (graphs, logs)
• alternative output formats for logs (Excell, tab delimited, CSV, streaming)
• new calls added:
  • info_cps - get information on checkpoints (monitoring stations)
  • info_ip - get information about a given host (or about caller)
  • info_country (beta) - get information about a given country
  • info_currency (beta) - get information about a given currency
  • fldr_add/mod/get/del - manipulate rule folders
  • rule_check - check a rule now
  • ch_add/mod/get/del - manipulate contacts
  • acct_new/add - calls to create additional accounts
• version in XML output (first enclosing tag)
• no IP check on acct_whois call (used for auto login on WatchMouse site)
• use API password instead of account password if present (not supported on the WatchMouse site yet)
• full support for tags in rule_add/mod/get/del and rule_graph now
• support PNGs as error message for rule_graph so developper can always show a picture
• use ip geo information if applicable