A snow plow for attachment to a vehicle, the snow plow including a mounting apparatus having a mounting frame, the mounting frame including at least one mounting upright. The snow plow further including a plow blade including a retention apparatus constructed and arranged to slidingly and disengageably secure the plow blade to the mounting upright(s) when the plow blade is in a working orientation. The mounting apparatus further includes a vehicle connecting member for attachment to the vehicle; the vehicle connecting member including a mechanism that allows the mounting frame to swivel in a generally horizontal plane when interconnected with the vehicle. RELATED APPLICATIONS The present application is (1) a continuation-in-part of U.S. Patent application Ser. 10/841,740, filed on May 7, 2004, which is a continuation of U.S.

Patent application Ser. 10/404,164, filed Mar. 31, 2003, now U.S. 6,817,118, which claims benefit of PCT/US01/47125, filed Nov. 12, 2001; (2) a continuation-in-part of U.S.

Patent application Ser. 10/850,151, filed on May 19, 2004, now U.S.

Auto-translator 0.88, 9, Translates text files using the Google API through a command line or visual(Tk) interface. Also designed for translation of. GoogleFreeTrans 0.1.2, 9, Free Google Translate API for Python. Translates totally free of. Mamba_xrays 0.1.1, 2, X-rays for your mamba spec files. Mangopayments 1.1.1, 2. Convert hex to text and hex decode strings. Online tool for hex decoding a string. Convert a hexadecimaly encoded text into an decoded string or download as a file.

7,131,221, which is a continuation-in-part of U.S. Patent application Ser. 10/404,164, filed Mar. 31, 2003, now U.S.

6,817,118, which claims benefit of PCT/US01/47125, filed Nov. 12, 2001; and (3) a continuation-in-part of U.S. Patent application Ser. 10/990,148, filed on Nov. 15, 2004, which is a continuation of U.S. Patent application Ser. 10/404,164, filed Mar.

31, 2003, now U.S. 6,817,118, which claims benefit of PCT/US01/47125, filed Nov. 12, 2001, all of which are herein incorporated by reference. FIELD OF THE INVENTION The present invention relates to adjustable snow plows for attachment to land vehicles, primarily personal utility vehicles such as pickup trucks and sport utility vehicles. BACKGROUND OF THE INVENTION Moving snow off of open ground, streets, sidewalks and parking lots is an age-old problem in less temperate climates where significant snowfall is anticipated during colder periods of the year. For instance, in many parts of Canada and in many northern states in the United States, significant snowfall can be expected during the late fall and early-to-mid winter months, and again in the late winter and even, at times, early spring. Clearing freshly fallen snow from open ground, parking lots, driveways, sidewalks and roadways, whether these surfaces are paved or not, is a task common to all of these areas that is generally required to make these surfaces safe and passable, both initially and over time if the snow begins to build up after multiple snowfalls.

If the snow is allowed to accumulate over a period of weeks, the snow eventually makes the use of these surfaces for both pedestrian and vehicular travel difficult, if not treacherous. Therefore, many devices have been designed and manufactured to remove freshly fallen and accumulated snow from such surfaces.

Municipalities generally use large vehicles with enormous snow plows to clear paved roadways used by the public, and county and state government public works and transportation departments in these areas also generally have a fleet of these kinds of vehicles to clear snow from roadways and from large parking lots on county-owned or state-owned properties. The purchase and use of such a vehicle by individuals, however, who have a need to move or remove accumulated snow in smaller areas, such as driveways and privately owned parking areas, is less feasible. First of all, the larger vehicles are expensive to purchase and maintain and are, in some cases, dedicated solely to the removal of accumulated snow. It will be appreciated that it would not be cost effective for an individual to purchase, house and maintain such a vehicle for just removing snow from driveways and smaller parking lots during a limited period of the year. Furthermore, these vehicles are difficult to operate and often require significant training or experience operating such vehicles. For this reason, many inventors have designed and manufactured adjustable snow plows that can be attached to pickup trucks and other vehicles for a period of time during the year when snow removal is required.

In this way, the vehicles can be used for other purposes during periods when snow removal is not required. Many of the snow plows attached to these vehicles, however, are large and heavy and are not easily attached and removed from the vehicles. A number of snow plows have been invented that attempt to address these problems.

For instance, Kowalczyk (U.S. Wsus Offline Update Alternatives And Similar Software Photoshop. 4,944,104) discloses a detachable snow plow assembly that is pivotally attached to a common passenger vehicle. In one embodiment of the invention, the snow plow includes rollers secured within attachment channels attached to mounting uprights to allow the plow blade to ride up and down when the blade comes into contact with irregularities in the surface. The plow blade can also pivot forward along with the mounting uprights in certain embodiments when the vehicle is moving backward allowing the plow blade to pivot forward over the ground. In other disclosures, such as the snow plow assembly disclosed by Rosenberg (U.S. 5,136,795), a trip mechanism is disclosed which allows the lower part of the plow blade to pivot backward when the plow blade comes into contact with relatively immovable objects and the trip mechanism is actuated.

Rosenberg also discloses a rubber scraper at the bottom of the plow blade which is secured between two metal plates and oriented at an angle rearward of a vertical orientation. Rubber scrapers are also disclosed on older snow plows, such as the snow plow mold board disclosed by C.

3,477,149), which discloses a resilient scraping blade made of rubber. This is a common feature in many snow plows, allowing the rubber scraper to contact the ground and provide a somewhat more forgiving surface with which to contact the ground when the plow is used to remove accumulated snow, but the rubber scraper is generally accompanied by a metal backing. Although each of these inventions has its own advantages, none of them are easy to attach to or remove from the vehicle.

These snow plows also tend to be heavy and cumbersome, and at least somewhat unsightly if one is required, for practical reasons, to keep it attached to the vehicle 24/7 for a period of several months during the snow season. The present invention provides a more cost effective and attractive snow plow for removing smaller amounts of accumulated snow from driveways and small-to-medium sized parking lots where one individual may wish to use his or her vehicle to remove snow during a relatively limited period of time, while still having use of the vehicle available for other purposes, not involving snow removal, when the snow plow must either be removed from the vehicle and/or placed in a suitable position for non-snow removing transit.

In addition, the prior art snow plows are generally so heavy that they will not ride up when they are on open ground, for instance, but will tear up the ground and remove grass and other plant things often just because of the sheer weight of the plow as it passes along the ground surface. Also, the prior art snow plows are often virtually impossible for a single person to handle, because of the weight associated with these plows; and plows that appear to be relatively light weight, such as the snow plow described by Knutson et al. 6,240,658), generally have multiple attachment points and do not appear to be highly effective, durable or marketable. The present invention provides solutions for these and other problems associated with the prior art devices for removing accumulated snow and methods used to accomplish the same. SUMMARY OF THE INVENTION The present invention provides a snow plow for attachment to a vehicle, the snow plow including a mounting apparatus having a mounting frame, the mounting frame including a mounting upright.

The snow plow further including a plow blade, the plow blade including retention apparatus constructed and arranged to disengageably secure the plow blade to the mounting upright(s) when the plow blade is in a working orientation for use to plow snow. The plow blade preferably includes a mold board, the mold board preferably being an aluminum extrusion having a hollow core that may be subdivided into cells or compartments. The preferred snow plow of the present invention includes an interconnection system or vehicle connecting member for interconnecting the mounting apparatus of the present snow plow to a vehicle that includes a simple swivel apparatus that can pivot horizontally to permit the plow blade to be turned either to the left or to the right of an angle generally perpendicular to the direction of travel of that of the vehicle pushing the plow blade. In preferred embodiments, the aluminum extrusion will preferably include at least one attachment channel, preferably a plurality of attachment channels, in which parts of the snow blade can be secured or anchored. Preferably, the snow plow is constructed and arranged to slidably secure the plow blade to the mounting uprights when the plow blade is in use.

The plow blade preferably includes first and second attachment channels and the retention apparatus preferably includes at least one retention member anchored in at least one of the attachment channels, preferably in both of the first and second attachment channels. In certain preferred embodiments, the mounting apparatus further includes an elongated member constructed and arranged to place downward force upon the plow blade when the plow blade is disengageably secured to the mounting uprights during use and the elongated member is a resilient elongated member, preferably a shock cord. In certain embodiments, the self-adjusting snow plow is attached to a vehicle in such a manner to permit the snow plow to make position adjustments when, during use then the vehicle is in motion, a portion of the snow plow comes into contact with a mass of snow or other relatively immovable objects on the ground, upon which the vehicle travels when in motion. The self-adjusting snow plow preferably includes a mounting apparatus for attachment to the vehicle, and a plow blade.

The mounting apparatus preferably includes first and second mounting uprights and the plow blade has first and second ends, a top, a bottom, retention apparatus, perhaps a retention member and a rubber scraper, preferably secured to the bottom of the plow blade. In certain embodiments, the retention apparatus will include first and second retention members. In these embodiments, the retention apparatus is generally constructed and arranged to at least partially encircle at least one of the respective mounting uprights when the plow blade is engaged with the mounting apparatus in a working orientation, such that the plow blade is in contact with the ground or objects on the ground. The retention apparatus will preferably include at least one retention member for each mounting upright. The retention members preferably slidably engage the respective mounting uprights when the plow blade is engaged with the mounting apparatus in a working orientation. When the plow blade alternate and preferred embodiments of the present invention come into contact with a mass of snow or other objects on the ground that are relatively immovable, the retention apparatus, preferably the respective retention members, can slide upward along the respective mounting uprights to enable the respective ends of the plow blade to slide upwardly relative to the mounting upright most proximate to that end of the plow blade. The retention apparatus or retention members, in preferred embodiments, permit the bottom of the plow blade to pivot away from the respective mounting uprights when the plow blade is engaged with the mounting apparatus in a working orientation and the vehicle is in motion in a direction rearward of the plow blade.

In certain embodiments, the rubber scraper secured to the bottom of the plow blade is a resilient elastomeric member having a resting orientation in which the rubber scraper extends downwardly and away from the bottom of the plow blade at an angle which extends forward from a plane which extends along a main surface of the plow blade. In certain of these embodiments, the rubber scraper is preferably about an inch thick and extends away from the plow blade at least about three and one-half inches. It is a primary objective of the present invention to provide a method of clearing accumulated snow from the surface of driveways, parking lots and other similar areas where snow removal is essential during the winter months. It is an additional objective of the present invention to provide such an apparatus that can be easily mounted and removed from the front end of pickup trucks, sport utility vehicles, all-terrain vehicles and other commonly used personal transit type vehicles, and that the apparatus for mounting the plow blade provides flexibility for mounting the plow blade at different relative heights with respect to vehicles that may stand at different relative heights off of the ground. It is a further objective of the present invention to provide such an apparatus for snow removal that is much simpler to install and use then other similar devices commonly found in the market today.

It is a further objective of the present invention to provide such an apparatus for snow removal which includes a plow blade which is relatively light and allows an individual person to lift respective ends of the plow blade in order to lower them into position for clearing snow or to lift the respective ends of the plow blade to secure the blade in position for transit, while still providing a durable plow made of materials strong enough to stand up to heavy use during the months in which snow plowing is required. It is a further objective of the present invention to provide such an apparatus for snow removal that does not require the owner of the vehicle to purchase separate running lights for the vehicle in order to use the self-adjusting snow plow.

It is yet another objective of the present invention to provide such an apparatus for snow removal that easily slides upward on a mounting apparatus to allow the plow blade to go up and over immovable objects encountered during use. It is a further objective to provide a plow blade that is essentially hinged to the mounting apparatus to permit rapid retreat for the convenience of the user. It is yet another objective of the present invention to provide such an apparatus for snow removal that allows the operator to drive in reverse after moving snow off of a flat surface, wherein the plow blade is able to “float” freely on a pair of mounting uprights and can slide up and down independently on the mounting upright(s), and wherein the lower portion of the plow blade can pivot forward with respect to the mounting uprights allowing the vehicle to easily draw the plow blade in reverse. It is yet another objective of the present invention to provide such an apparatus for snow removal that lifts the rubber scraper at the bottom of the plow blade off the ground when the vehicle draws the plow blade in reverse and the lower portion of the plow blade pivots forward with respect to the mounting apparatus. It is still a further objective of the present invention to provide such a method that does not employ the use of expensive and heavy hydraulic systems that are commonly used in such devices today. Although other vehicle accessory connection devices can be used, these objectives are preferably accomplished by the use of a common hitch receiver that is attached to (and extends forward from) the front end of the vehicle that is to be used in the plowing operation. This receiver hitch preferably provides a mounting point for the mounting apparatus, which is preferably accomplished by inserting a tongue of the plow hitch into the hitch receiver and then locking it into place with a pin.

This forms a solid mounting for the present invention that allows it to be quickly and easily attached to the front end of any vehicle. A primary advantage of this invention is that it does not require that a user keep the plow assembly on the plow vehicle for the entire season. Its ease of use is also a primary advantage as is its moderate cost. It is a further objective of the present invention to provide a system for placing downward force on the plow blade when the plow blade is in use, preferably a resilient elongated apparatus for placing downward force on the plow blade as a substitute for constructing the plow blade out of heavy materials which would be difficult for an individual to lift. Patent Citations Cited Patent Filing date Publication date Applicant Title Dec 23, 1914 Jun 8, 1915 Noah Darois Portable snow-scraper for trolley-cars.

One evening I was testing the snowboard with the sail attached in the street. My daughter was coming home from a babysitting gig and the father was driving her home.

He asked her,' What is that nut doing in the street?' To which my daughter replied, 'Oh, that's just my dad.' :-) Preliminary tests in the snow were NOT good:-( This does NOT mean a snowboard and sail will NOT work - just NOT for my purposes:-) See here:: from on. >Had a discussion with a mechanical engineer at work. He felt that the snowboard was generating too much resistance and works best under gravity or kite pull from above. He suggested I put skis underneath the board.

Another colleague at work was kind enough to donate an old pair of skis - needed to be 'old style' i.e. NOT parabolic. Since I did NOT want to punch holes in the snowboard (now i wonder why), I attached the skis to the snowboard using metal strips and small wood blocks. Once again I stuck to the hex IKEA type nuts. By chance the skis were angled out about 10 degrees. This was not intentional, but did help later on the ice.

This time the tests were MUCH better. I developed a bad habit whereby I would disembark when it came time to stop. This would prove to be my downfall (no pun intended). Based on my notes, the sled cost me only about $40 since I had the board, skis and mast base already - or were given to me!!!!

I gave it the full test on Easter weekend. Winds were strong - around 20 mph or so.

The lake (actually part of the St. Lawrence) was completely iced up, but a little rough. I only had my 3 cam older NP 7.0 powerful sail in town.

It started off quite well and I was pleasantly surprised. As I got out of the bay, winds picked up and I started to pull the sail in for more speed.

It handled it very well and I was starting to go pretty quick. I thought, okay, let's see what this baby can do. At one point I realized just how fast I was going and got a little nervous. The speed was due to the fact the skis were angled and I was sailing on the metal edges ONLY. I did what I had always done up until that day.I threw the sail to the ice and watched as the masthead of the boom broke - it was after all an old one and I stepped off the board trying to run.

It felt like I was Fred Flintstone i.e. My feet just could not keep up. Needless to say, I fell to the ice with the my arms outstretched. My chin hit my arm luckily, but I realized something was wrong.

I got up leaving my left arm up in the air and dragged my stuff back to shore. This was about a mile out now%^&* People did not help me because they did not realize that I was in pain.

One fellow asked me if my contraption worked. I told him, ' It works so well, I think I broke my f'n shoulder.' He either did not like my language or did not want to help because he disappeared quickly. As I was trying to load my stuff into the van another gentleman was kind enough to offer assistance and actually drove me to the hospital with his wife following in their car.

He had popped his shoulder in the past and told me it was not too bad to pop it back in. While i was at the 'reception desk' at the hospital I did not feel well.

I thought I was going to pass out. The nurse told me to go straight through door number 1. A doctor took me right away, but was quite rude and told me to get my dirty gloves off his paperwork. He also kept asking me why I thought I was going to pass out.

In my usual manner, I informed him that it was not I, who was the doctor:-) A friend of the family, who is an emergency room nurse, later informed me that pain is the culprit for making one feel that they are going to pass out.Felt like I kept going room to room, nurse to nurse and doctor to doctor. Since I was able to move my arm - under duress - the doctor said it was impossible that the shoulder was dislocated. It was a break of some sort. I had let it rip so much that I actually broke my left shoulder:-(. That winter I sailed up at the lake and also on a sod farm field. Still feel that the board still works best on ice or crusty snow.

May need to go towards a board like local freestyler Guy Trudeau. So, this year 2010 I built board #2. Feodor had suggested 30 to 45 degree for ice and 15 to 30 degrees for snow. So, first I tried 30 degree angle on the skis as suggested by my Finnish maniac:-) This 30 degrees bit too much, and so I made them 20 degrees.

Here's another pic and then I will start the journal entries:-). Addendum: In 2014 i discovered there once was a firm called ' SkiSailer'. They made something very similiar to what Guy Trudeau in Montreal calls the windski. It seems they tried to become commercially available, but died within one year and as such actually became a 1998 business case study: Skisailer: Marketing a Young Investor's Dream by Dominique Turpin, Kamran Kashani. 'A new product combining windsurfing and skiing runs into trouble during its first year of worldwide sales'. ( Here WAS a video from somewhere in Northern Europe I guess - i do not speak the dialect: another one bites the dust - can see how we will alter history in the future. 1984 and Brave New World here we come.

People who have died are still on facebook, but videos disappear) Here a photographer explains how people saw the SkiSailer at first glimpse - at the Gorge no less: In early 2014 - at the end of the 2013 winter session I met Claude Belanger, who has been WISSA, met Langis Carron, has two(2) winter sleds and windsurfs in the winter regularily. After more attempts at building a snow model, I decided to try and emulate theirs. Here is what i came up with. The board above has to be about version # 5 - version four is where the side skis were brought in on the red sled. As yet I have NOT folded the front snowboard under to meet the skis - like Claude Belanger and Langis Carron. Guess that will be next year -- 2015/2106. This year i am having too much fun testing this version out and making videos on it.

----------------------------------------- NO winter windsurf discussion would be complete without discussing or mentioning this site:. Jeff Brown of iceratz is mentioned. He sails on black ice in NE USA whenever he can!! REAL ice windsurfing is CRAZEE.

These dudes are doing over 40 - 50 knots with tiny 4.3 to 5.5 sails - some on wave sails and others on cambered race sails. I just went over my post and realized there is NO clip of myself and some of my attempts. There should be @ least one!! This one is from about 2014 with light winds and an MS-2 8 m² sail. Winds are so light I did not bother going back to get the forgotten harness!! You do NOT need to go fast to have fun. AND in case you are interested Guy aka GTJ did make a video about HOW to make a windski, which he uses for freestyle: I will be building one in 2016 Found this one on kijiji.

Like the raised platform for deeper snow. Not so sure about the slippery metal.

Atop Hamilton's multilayered defense system sits one of a new class of analysis tools (NFATs): Niksun's NetDetector. These products -- which also include SilentRunner and Sandstorm's NetIntercept -- combine robust with sophisticated analysis and forensics capabilities.

Before he would take Hamilton Scientific live on the Internet, Dr. Nusbaum searched for a product that monitored network traffic flow and had the forensics capabilities to enable his IT staff to trace back to any machines that attempt to log in or access its systems. That kind of information arms him to counter possible threats to the sensitive medical records databases accessed by physicians and administrators. 'You have to be able to adjust your defense mechanisms and parameters based on the attacks that occur,' says Nusbaum, still a very active vascular surgeon (his interview with Information Security was planned to fit into his surgery schedule).

'You can recreate what happened, and based on that make assumptions and maybe throw some more resources in that direction, if need be.' Sysadmins can use NFAT products to perform complex analysis that in the past was performed using a painstaking approach or was somewhat automated using creative scripting. A case in point is Van Nguyen, director of global security for cargo shipping giant American Presidential Lines (APL), who uses SilentRunner, an NFAT that features powerful visual analysis capabilities, to bolster security significantly with existing staff. 'My staff can be trained to use the tool to do investigations, the forensics, [and] the network traffics analysis,' says Nguyen.

'The tool provides all that view without additional head count.' Putting NFAT to Work As a logical next step beyond IDSes and the new breed of mitigation tools which use signature- and/or anomaly-based methods to detect and report an attack, NFAT products capture and retain all network traffic and provide the tools for forensics analysis. While an IDS may flag a particular attack, an NFAT user can replay, isolate and analyze an attack or suspicious behavior, then bolster network defenses accordingly. In fact, the three NFAT vendors interviewed for this article emphasize that their products should complement IDSes and. The playback features in all these tools show how and what has happened on the network.

In times of a successful attack, the products reveal exactly which hosts were broken into, which were compromised and then what happened next. 'If you're able to thwart an attack, you'd like to go back and see what they are doing,' Nusbaum says. 'What attempts did they make? What probes did they use?

Where did they go? What were they using to get in?' Working Definition It's hard to say exactly what we've been living without all these years. NFAT products defy narrow definition, in part because of the wide range of uses suggested by both vendors and customers. An admin might discover, for example, that an employee in the engineering department was e-mailing plans for the next major product to a competitor or that someone was tunneling sessions out of the company network to a host in Korea using. Discussions with all three vendors and several customers suggest several uses for this new class of product.

N-gram Analysis Text-based documents reveal patterns, if you know how to look. SilentRunner is unique among the three NFAT products discussed in its use of N-gram analysis to parse the contents of files to determine possible relationships, which it then displays using its powerful visualization capabilities. N-gram analysis has long been a field of study in computing automation theory and natural language processing.

N-gram analysis is a method of breaking up text-based documents into n-number long character words. The statistical similarity of occurrences of N-grams in the source texts ultimately leads to similarities in the source documents. For example, a document about coyotes will have occurrences of the tri-grams 'coy,' 'oyo,' 'yot' and 'ote,' which will be uncommon in other documents. Through N-gram analysis, you can determine the similarity of many documents by looking for a statistically significant number of matching N-grams.

Not-so-in-depth analysis. Although NetDetector's user interface was much simpler to operate than SilentRunner's, its analysis capability is limited to examining packet flow between hosts through the Web interface. You can quickly see what protocols are in use, what hosts are talking up a storm, and which pairs of connections are more popular than others.

However, it takes a while to drill down to the packet level. NetDetector's analysis function, which starts by selecting a time frame to examine, is most useful when you know what you are looking for (e.g., activity from a particular IP address or traffic using a specific protocol). TCP streams can be reassembled into the resulting FTP or Telnet sessions, for example, and then viewed in plaintext. The interface makes ferreting out anomalies a challenge -- the information is presented as line upon log file-style line of traffic. While the ability to create the various TCP streams is helpful, the Web playback feature lags far behind SilentRunner and NetIntercept. NetDetector comes nowhere near the ability of SilentRunner to graphically represent network traffic, which is significant when you don't know exactly what you're looking for. Although Net-Detector does provide the ability to click on the individual log entries for more detail, SilentRunner visualization eliminates the need to plow through all those lines of text.

During the analysis phase, names in captured traffic can be resolved offline using the management interface -- a nice feature for minimizing network noise and avoiding tipping off a potential intruder. How alarming. Unlike the other two products, NetDetector has powerful alerting capabilities. Alerts must be manually configured within several categories: utilization, TCP count, invalid address, host flood, host scan, host pair bytes and port scan. The alerts can be used to warn of, IP address spoofing, broadcast amplifications, port scans and to identify the use of unknown protocols. In addition, the threshold and time frame are also configurable to allow extremely slow port scans to be detected, for example.

This capability can also be useful to allow notification when traffic is seen from a particular IP or MAC address. Users can be alerted by popup screen message, e-mail, cellphone, pager or SNMP trap. Packet capture.

The NetDetector appliance is installed on a target network segment and supports almost every network interface and method imaginable, including T1, Ethernet (10/100/Gig-E), FDDI,, frame relay and, with support for OC-12 in development. NetDetector can even capture traffic on multilink PPP T1 lines, then reassemble the information for analysis. The product also can capture traffic in several ways, including taps, splitters and mirrored ports, depending on the network interfaces used and your network architecture.

The tool employs the Berkeley Packet Filter (BPF) syntax for filtering traffic, along with a Network Associates Sniffer-like interface. NetDetector continuously records network traffic into a circular buffer database, which is large and scalable. The base system starts with 150 GB of storage, which we were told is about two weeks' worth of full capture for a 'typical' customer on a 'typical' T1 connection. Data can be archived and exported in several formats, including a proprietary Niksun format, Sniffer, libpcap and TCPdump.

When the storage on the appliance fills up, the statistics remain, but the oldest data will be overwritten. Data must be offloaded from the appliance using FTP, HTTP or SCP. NetDetector, unlike NetIntercept, does not have an integrated CD-ROM-burning capability.

Feeling a bit insecure. The fact that NetDetector's background is that of a network and performance company rather than a security company was apparent in a few instances. Although the NetDetector appliance supposedly supports management over secure connections using and, the demonstrations we saw showed only HTTP, using basic authentication and Telnet. The sales engineer said that secure connection had to be turned on, but he didn't know how to do it. Although the system does include an easily configured firewall that can restrict access to the management interface, it's only necessary because of the insecure protocols running by default, including Telnet, FTP and HTTP.

One-day NetDetector training is available at the company's New Jersey facility. Niksun says that customers need only a few hours of training to become familiar enough with the tool to hit the ground running. NetDetector's price ranges from $20,000 to $80,000, depending on the amount of storage and the type of network interfaces. The user interface of Niksun's NetDetector's main screen presents total flow and individual node activity for a selected time period, as well as a graphic display that allows the user to see peaks and valleys of activity at a glance. Sandstorm Enterprises' NetIntercept NetIntercept, released last October, is the new face in the NFAT lineup.

NetIntercept is a solid entry-level contender that provides a nice balance of price, network traffic capture performance and forensics analysis capability, all wrapped up in an appliance that was designed with security in mind. NetIntercept identifies content by actually looking at it, rather than relying simply on the port it ran on. For example, the appropriate content type would identify Web traffic on port 25, or an FTP server running on port 2002, even though those aren't the standard ports for those services. This also enables alerts on packets whose content did not match the protocol type. For example, if someone were tunneling out a Telnet session over HTTP, the alert would be reported. Unlike NetDetector, NetIntercept lacks robust alarm capabilities. It has an alert function, but the user can only set priorities for a limited set of choices.

Alerts can only be viewed from the section of the interface in which they are set, and there's no remote notification capability. A major plus is the way security was designed into the product -- in contrast to security questions that may haunt NetDetector and possibly SilentRunner. We especially liked that remote management is performed only through SSH on port 22 and how the listening interface is hardened. NetIntercept won't broadcast a single packet -- it won't even respond to ARPs on the local subnet. NetIntercept only supports fast Ethernet network interfaces, since Sandstorm envisioned the product being deployed near a firewall or in a DMZ. Sandstorm did performance testing using all BSD flavors and a variety of Fast Ethernet cards and found the best capture performance using a combination of modified FreeBSD with Intel EtherExpress Fast Ethernet cards.

NetIntercept can import network traffic data from TCPdump, Net-X-Ray and LanWatch. Drilling down. NetIntercept's intuitive user display easily shows session-level activity from the network, including views at the IP, TCP and session levels. The NetIntercept desktop can be toggled among several tabs, including traffic capture, forensics and summary. Users of Sandstorm's first product, PhoneSweep, a modem-scanning tool, will immediately recognize the look and feel of the NetIntercept user interface. The display shows a graphical line chart representing the number of packets captured over time.

NetIntercept can determine DNS information based on traffic that was captured, and doesn't have to do active DNS lookups on the management interface like NetDetector. The ability to turn on and off the active DNS lookups is a useful tactic to avoid discovery of NetIntercept on your network. While analysis isn't as sophisticated as SilentRunner's, we found the forensic tools to be useful and intuitive to operate. Like NetDetector, NetIntercept requires a block of time to be selected for analysis, so it can reassemble packets into TCP streams. All three tools provide this protocol reconstruction capability, which is quite useful in playing back traffic to review network sessions. We spent most of our time using the forensics tab (see screen, right).

We would enter a keyword, or select a criteria or combination of criteria -- for example, port numbers and their associated services, IP addresses (source and destination), username and content type (AOL_IM, ASCII, HTML, etc.) -- each of which would be displayed in a column. We could drill down for more information by clicking on individual entries. Like SilentRunner, NetIntercept can extract and display all the images files that traveled across the network.

This can be revealing if you want a quick overview of the types of Web pages and images that are circulating. Archiving features.

One of the differentiators between Net-Intercept and the other products is its built-in. This allows data to be archived directly from NetIntercept user interface, which may be useful in a forensics investigation. In addition, forensics markers (placeholders) can be set when examining network traffic to help keep track of large amounts of data that may be examined. SSH can be used to securely transfer data from the appliance for archiving by other media (e.g., a tape drive). Like NetDetector, NetIntercept uses a circular buffer. When the hard drives are filled, the oldest data is automatically overwritten. However, if a new analysis session is started, that session is retained indefinitely.

NetIntercept utilizes 'file objects' for efficiency. If NetIntercept sees the exact same item -- such as a graphic file on your own Web page that people are constantly loading -- it references it instead of saving it multiple times. Training is informal, and available on an hourly basis. Technical support is available weekdays, 9 a.m. NetIntercept starts at $15,000 and includes 80 GB of storage with Fast Ethernet interfaces. The 'plus' version costs $21,000 and increases storage space to 300 GB. Both configurations come with dual processors and dual NICs.

If you're limited by budget and are content to capture traffic on Fast Ethernet segments, NetIntercept is a choice worth considering. Sandstorm's NetIntercept allows users to see multiple windows as they drill down. In this case, the forensics tab displays information in seven columns representing requested categories for a designated time span.

To investigate further, the operator has chosen streams that contain the username. Looking Ahead One of the potential issues that will arise from the ability to capture all network traffic is how to manage and archive the captured data. At least one company is developing a network traffic capture device with this in mind. A product like this will have full network capture capability in addition to supporting fully automated streaming of all captured network traffic data to disk storage and then to tape storage without any manual intervention. The technology to do this will utilize, Scalable Coherent Interface (SCI) and tape robotic library hardware. While NFAT products fill security gaps left by IDSes and network monitoring tools, they are all somewhat immature.

Ideally, we would like to see a tool that does it all: • Captures network traffic indefinitely on multiple interfaces without missing any data. • Performs advanced graphical analysis.

• Sends alerts based on user-defined events. • Employs secure remote administration.

• Archives data. In addition, since we're still dreaming, it would be reasonably priced and easy to learn and operate. Until this dream tool exists, the best solution is to determine your specific needs and objectives and choose the tool that's the best match. If an organization had enough money and resources, the most powerful solution might be to use NetDetector to capture network traffic data and then use SilentRunner operated by a dedicated analysis guru for the powerful analysis capability. About the authors: Nate King is a managing consultant with Predictive Systems' ethical hacking practice.

Errol Weiss is currently the vice president of technical services at MSSP Solutionary. At the time of this writing, Weiss was vice president of services strategy for managed security at vendor-neutral Predictive Systems.