
Configuring Net Sentry

Net Sentry is configured by placing specific commands into a text file called "Net Sentry Config", which resides in the Preferences folder inside your System Folder.

This file should already have been placed in your Preferences folder when you installed Net Sentry. It should also have been opened automatically in SimpleText if you came to this page by clicking the button in the Net Sentry Companion application.

The factory-configured Net Sentry settings are all that most Net Sentry users will need. You will only want to change them if you want to:

  • Change the Notification behavior of Net Sentry (how it alerts you to a potential intrusion).
  • Change the default time a triggered filter remains in effect (how long the attacking IP address will be banned).
  • Change the logging mode (whether detailed or only triggered attacks are logged).
  • Set up Net Sentry triggers for different protocols and ports.
  • Add additional filters permitting exclusive Internet access to your machine from one or more remote machines on the Internet (thereby automatically banning all others from accessing your machine). Example: you only want to permit Timbuktu access to your personal machine at home from a specific machine (IP address) at work.

Once you have constructed a Net Sentry configuration file, you will just copy it and paste it into SimpleText. Then save it as "Net Sentry Config" in your Preferences Folder. Restarting Net Sentry (turning it back on) with the Net Sentry Companion application or restarting your machine will invoke this new configuration.

Directions

(IMPORTANT: you should have JavaScript enabled in your browser to use this configuration page).

Make desired selections from each of the sections listed below. When you are finished, click the "Build Net Sentry Configuration" button. This will generate your Net Sentry Configuration file. Copy it, paste it into SimpleText, and save it in your Preferences Folder as "Net Sentry Config".


Default Filter Time

Description: When Net Sentry is triggered, it installs a filter which completely prohibits the remote machine from accessing your Macintosh. You can specify how long such a filter stays in effect before it times out and is automatically removed from the Net Sentry Aged Filters file. This frees up room in the Aged Filter table.

Factory Setting: 7200 seconds (2 hours).

Your Setting (seconds): (enter a value or choose one from the popup; minimum is 60 seconds)


Notification Method

Description: When Net Sentry is triggered, a filter is automatically installed which completely prohibits the remote machine from accessing your Macintosh. You have several ways to be notified of such action (if you wish to be notified at all).

Factory Setting: Alert notification box (an alert appears telling you the triggering IP address, the protocol, the port, and the service: HTTP, FTP, SMTP, etc.).

Options:

  1. No Notification (a log of the trigger event is still recorded in the Net Sentry.log file)
  2. Alert Notification Box (factory setting)
  3. Browser Notification. Your running web browser is taken to a page on the Sustworks site which provides you with more detailed information about the domain of the triggering party. This information can be very useful if you wish to contact an administrator at the remote party's ISP (informing them of the unauthorized intrusion).
  4. Alert & Browser Notification.

Your Setting:


Logging Mode

Description: A log file of every trigger event is kept in the file "Net Sentry.log" which resides in your Preferences Folder. This is normal logging behavior. For debugging purposes you can enable more detailed logging by specifying Mode 1 logging. This mode will permit Net Sentry to record several internal events which occur when Net Sentry starts up and runs. Mode 1 is mainly used when we have encountered some problem with the application and need additional information from you to debug the problem.

Factory Setting: 0 (standard trigger logging)

Options:

  1. Standard Trigger Logging
  2. Detailed Debug Logging
  3. Detailed Debug Logging w/reset - resets the log each time Net Sentry is restarted

Your Setting:


Net Sentry Triggers

Description: Net Sentry works by setting triggers (or trip wires) for unsuspecting intruders. When an intruder attempts to make a connection to or sends a packet to one of these triggers, a filter is immediately invoked which completely prohibits the intruder from any access to your Macintosh.

You can specify any set of triggers (protocols and ports) you want (up to 64 individual triggers). Good triggers include services which intruders typically scan for to see if they are operating; for example: an SMTP (email) server (TCP protocol, port 25), an FTP server (TCP protocol, port 21), an SNMP server (remote network management; TCP protocol, port 161), a Telnet server (TCP protocol, port 23) or a DNS server (UDP protocol, port 53).

Factory Settings:

  1. SMTP (TCP - 25)
  2. SNMP (TCP - 161)
  3. Telnet (TCP - 23)
  4. DNS (UDP - 53)
  5. BOOTP - DHCP Server (UDP - 67)
  6. FINGER (TCP - 79)
  7. POP3 (TCP - 110)

Your Settings:

Configure:

You can manually add to or delete from the above list.

You can also add a trigger by either:

  1. selecting a service from this popup menu and clicking the Add Trigger button OR
  2. by specifically entering a protocol, port and service name and clicking the Add Trigger button.

Select Service (popup menu)

Or Enter:

  • Protocol (tcp or udp)
  • Port Number (1 - 65535)
  • Service Name

Important: You must NOT add triggers which conflict with servers running on your Macintosh. For example, if you are running Personal Web Sharing, then you would not add a trigger for HTTP (web sharing) nor for FTP (web sharing). Doing so will cause a conflict.

You MAY, however, want to limit access to these servers to specific remote machines. You limit such access by adding specific access filters. These access filters are configured in the next section.


Access Filters

Description: When you run an IP-based server on your Macintosh (e.g. Apple TCP file sharing, Personal Web Sharing, an FTP server, Timbuktu, etc.) you are potentially giving anyone on the Internet access to your machine. Adding access filters lets you limit which remote machine(s) have access to these servers running on your Macintosh.

Factory Setting: No access filters are configured.

Your Settings:

Configure:

You can manually add to or delete from the above list. (If you manually add a filter, please make sure it has the correct syntax.)

Choose a server service you are running on your Macintosh (or enter a specific protocol and port). Then enter an IP address of the remote machine for which you wish to grant access. Click the Add Access Filter button to complete this entry.

If you wish to grant more than one remote machine access to this server, select the number of remote machines from the popup menu.

Server Service (popup menu)

Or Enter:

  • Protocol (tcp or udp)
  • Port Number (1 - 65535)

IP Address of Remote Machine
How Many Remote Machines (popup menu)

Each access filter is actually composed of two Net Sentry filters: the bottommost entry blocks ALL remote access to this server, while the topmost entry grants access to remote machines which fall within the specified IP address range.

Do not be concerned about duplicate BLOCKing filter entries in your settings list. These duplicates will be removed when we build your Net Sentry configuration file (which is the next, and final, step).

There is one special access filter which you can add to the above list to make your Macintosh invisible to PING and traceroute type queries. This is an ICMP (Internet Control Message Protocol) filter. Adding this filter will prohibit any remote machine from pinging your machine. In most cases adding such a filter is fine, but there may be instances where your ISP requires a response from your machine in order to keep your Internet connection alive.
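To make the behaviour described in the Net Sentry Triggers and Access Filters sections concrete (trip-wire ports that ban a source for the Default Filter Time, the trigger/server conflict rule, and the ALLOW-on-top, BLOCK-all-on-bottom pair that makes up an access filter), here is a small Python model. It is added here for illustration; it is not Net Sentry's own code and does not reproduce the config-file syntax, which this page does not show. The rule representation, the addresses and the timestamps are constructed assumptions.

```python
# Illustrative model of the behaviour this page describes; not Net Sentry's code,
# and the rule representation, addresses and timestamps here are constructed.
from ipaddress import ip_address, ip_network

MIN_FILTER_SECONDS = 60          # page: minimum Default Filter Time
DEFAULT_FILTER_SECONDS = 7200    # page: factory setting (2 hours)

class NetSentryModel:
    def __init__(self, triggers, served, filter_seconds=DEFAULT_FILTER_SECONDS):
        # triggers and served are sets of (protocol, port); a trigger on a port
        # your own server uses is the conflict the page warns about
        conflicts = set(triggers) & set(served)
        if conflicts:
            raise ValueError(f"triggers conflict with running servers: {sorted(conflicts)}")
        self.triggers = set(triggers)
        self.filter_seconds = max(MIN_FILTER_SECONDS, filter_seconds)
        self.access = []               # (proto, port, network): the topmost ALLOW entries
        self.blocked_servers = set()   # (proto, port): the bottommost BLOCK-all entries
        self.aged = {}                 # banned source ip -> expiry time (Aged Filters table)
        self.log = []                  # trigger events, as written to Net Sentry.log

    def add_access_filter(self, proto, port, cidr):
        # one access filter = ALLOW from the range plus BLOCK everyone else for that
        # server; a set collapses the duplicate BLOCK entries the page mentions
        self.access.append((proto, port, ip_network(cidr)))
        self.blocked_servers.add((proto, port))

    def expire(self, now):
        # age out filters whose Default Filter Time has elapsed
        for ip in [ip for ip, t in self.aged.items() if t <= now]:
            del self.aged[ip]

    def packet(self, now, src, proto, port):
        """Decide 'drop' or 'pass' for one inbound packet, checking rules in order."""
        self.expire(now)
        src = ip_address(src)
        if src in self.aged:                        # already banned: no access at all
            return "drop"
        if (proto, port) in self.triggers:          # trip wire hit: ban the source
            self.aged[src] = now + self.filter_seconds
            self.log.append((now, str(src), proto, port))
            return "drop"
        for aproto, aport, net in self.access:      # topmost entries: allow from range
            if (aproto, aport) == (proto, port) and src in net:
                return "pass"
        if (proto, port) in self.blocked_servers:   # bottommost entry: block all others
            return "drop"
        return "pass"                               # not a trigger, not a filtered server
```

The page's ICMP filter corresponds to a BLOCK-all entry with no ALLOW entry above it.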


Build Net Sentry Configuration File

You are now ready to build your complete Net Sentry Configuration file. Just click the "Build Net Sentry Configuration File" button to continue.

Copyright 2000 by Sustainable Softworks.