netwatch
--------

Netwatch is a "semi-intelligent" network monitoring tool. It monitors certain TCP/IP services for activity that indicates possible intruder presence. It is intended not only as a generic intrusion scanner, but also as a complement to the drawbridge filter package, covering areas of weakness inherent in bridging filter arrangements. It probably won't pick up the pros, but it is pretty good at detecting the rest.

The distribution of netwatch has been hotly debated within our group. One argument is that netwatch should be freely released, as the crackers already have equivalent knowledge and tools (they do), and restrictions would only hurt valid administrators. The counterargument is that free availability of the intrusion signatures would enable the crackers to design better intrusions, and the availability of sources would give novice crackers significant help.

As a compromise, we now distribute part of 'netwatch' via anonymous FTP as part of the 'netlog' package (as of netlog-1.2). Two of the modules (telnet and ftp) have been removed. NIC registered site contacts can request these extra modules by sending an official request on their respective letterhead. Requests should be sent to:

    TAMU Netwatch package
    Ellen Mitchell
    Computing and Information Services
    Texas A&M University
    MS 3142
    College Station, TX 77843-3142