Frequently Asked Questions
- What type of Internet connections can IPNetSentry protect?
- My Internet Service Provider assigns me a private IP address. They claim I do not need any other protection software. Is this true?
- I am getting continually hit with Port 137 Intrusions (Windows Networking). What are these and what can I do?
- I get a "server cannot connect" to my machine message. What is wrong?
- What is the current status on IPNetSentry?
- Will IPNetSentry work with IPNetRouter for Internet Sharing?
What type of Internet connections can IPNetSentry protect?
IPNetSentry will work with almost ALL Internet connections and
your Macintosh.
You should definitely consider using some type of Internet security
software with almost all high-speed Internet services. This includes
cable modem, DSL and ADSL modems, T1 lines, and other Internet services
which are constantly connected and/or offer throughputs greater
than about 128 kbits/sec to the Internet.
Theft and other forms of security risks over a slower dialup modem
are not quite as great as that over a higher speed connection. A
short dialup phone connection to the internet is not much of a security
risk and you might not need IPNetSentry in that configuration if
that's generally how you use your home modem connection. If you
leave your dialup configuration on for long periods of time you
should consider getting IPNetSentry, especially if you use our IPNetRouter
product for Internet Sharing.
IPNetSentry can also supplement security on an
IPNetRouter gateway.
My Internet Service Provider assigns me a private IP address. They claim I do not need any other protection software. Is this true?
Yes and no. Having a private IP address (examples: 10.1.1.34, 172.17.3.45,
192.168.1.35) does offer you some protection from anyone outside
of your ISP's network trying to connect to your machine. BUT someone
within the ISP's network can still attempt to connect to your machine
(because they are on the same private network as your machine).
For this reason, it is still wise to run a security application
such as IPNetSentry on your Macintosh.
I am getting continually hit with Port 137 Intrusion alerts (Windows Networking). What are these and what can I do?
Your ISP is passing other users' chatty Windows Networking datagrams,
which really are not a threat to the Mac user. They are more
of a nuisance (and a waste of bandwidth). Another possible source
of these datagrams is the recent (October 2002) "bugbear" and "scrup"
worms which invade Windows machines via email attachments. Once
again, these intrusions do NOT directly attack Macs, but any such
intrusion should certainly be considered an "unwanted guest". For
more information regarding the Bugbear worm, please see:
W32.Bugbear@mm
or I-Worm.Tanatos
Port 137 Scans
Windows continually broadcasts such datagrams just to see what
other Windows are out there (in the "Windows Neighborhood"). Initially
we included a trigger in the IPNetSentry Config file which would
detect such datagrams and then block any access from these Windows
machines. After all, most Mac users will have no need to have any
Windows users see them on the public network.
There are a couple of solutions to eliminate the intrusion alerts:
Both of these solutions are most easily handled if you edit the
IPNetSentry Config file with SimpleText (the IPNetSentry Config
file resides in your System Preferences folder).
Once you have this file open, you can make it so that IPNetSentry
still detects these Windows networking datagrams, and continues
to block these Windows users, but no alerts will appear on your
machine. Just add the word "none" to the end of the Windows Networking
triggers, i.e.:
change:
+trigger\tcp\137\windows_networking
+trigger\udp\137\windows_networking
to:
+trigger\tcp\137\windows_networking\none
+trigger\udp\137\windows_networking\none
This will still protect against these Windows machines, but will
not alert you to the fact that it has done so (although you can
always check the IPNetSentry Log file).
OR
You can just remove these triggers by commenting them out. Just
put an exclamation point at the beginning of the line:
!+trigger\tcp\137\windows_networking
!+trigger\udp\137\windows_networking
After making any changes to the IPNetSentry Config file, save the
file, close it, and Turn Off then Turn On IPNetSentry with the IPNetSentry
Companion application. This will invoke the new settings.
I get a "server cannot connect" to my machine message. What is wrong?
If you have been assigned a private IP address by your ISP (or
local network administrator) the Configuration and Test section
of our IPNetSentry Companion Application cannot make a connection
back to your machine. This is normal.
IPNetSentry is still working to protect your Macintosh. The default
configuration file, which was placed in your Preferences folder
during IPNetSentry installation, provides excellent protection for
most Macintosh users:
If you wish to make any changes to this file you can simply edit
this file with any text editor (such as SimpleText). Please see
our IPNetSentry Command Syntax document for further details on
editing this file.
After making any changes to the IPNetSentry Config document you
will need to first turn off IPNetSentry then turn it back on in
order to invoke the new configuration.
IPNetSentry Development Status (11-Sep-2001)
We are continuing IPNetSentry development. IPNetSentry v1.2 provides
significant enhancements over the previous releases. This includes
payload inspection capabilities, so that worms such as the Code
Red worm can be detected and stopped (even if running a web server).
For registered users, this upgrade is currently provided at no
additional cost.
The current status of OS X compatibility, development, pricing,
etc. is covered on the Sustworks "Mac OS X Status" web page.
We invite you to subscribe
to our NetAnnounce email list to immediately get public product
announcements when they are made.
Will IPNetSentry work with IPNetRouter for Internet
Sharing?
Yes. The trigger mechanism for blocking port scanning will work
in conjunction with IPNetRouter.
Simply install the software on the IPNetRouter gateway machine and
configure it normally. IPNetRouter users may also want to take advantage
of IPNetSentry Applescript support for email/pager notification
when an external scan of their gateway machine occurs.
IPNetSentry's security can particularly benefit IPNetRouter gateways
sharing a cable/DSL/ADSL modem through a single ethernet port (Internet
modem and private LAN clients connected to the same hub/switch).
In this particular configuration, you should install IPNetSentry
on both your gateway and on any private LAN client you wish to improve
security for. For other types of Internet sharing configurations,
you need only install IPNetSentry on the IPNetRouter Mac.
In most cases, IPNetSentry and IPNetRouter will run without any
special configuration on the same machine. See the "IPNetSentry
Compatibility" topic on the IPNetRouter Troubleshooting web
page for more compatibility info.
There are three cases, however, where some additional configuration
of the IPNetSentry Config file will be necessary. These are:
1. The IPNetRouter single ethernet configuration.
2. The IPNetRouter configuration which is used to share a PPP or
Remote Access connection (this includes ADSL connections which use
the Remote Access control panel).
3. The IPNetRouter dual ethernet configuration where the built-in
ethernet interface is used for the private LAN and not the Internet
connection.
No additional configuration of IPNetSentry is required if you are
running IPNetRouter in the recommended dual ethernet configuration
with the Internet connection being made through the built-in ethernet
port.
The IPNetRouter single ethernet configuration
Because there is only one ethernet port, we need to tell IPNetSentry
to ignore triggers from machines on your private subnet (this is
the 192.168.x.y subnet; your value of "x" will be specific to your
subnet, and each machine on your subnet will have a unique value
of "y").
To accomplish this, you must do the following:
Launch the IPNetSentry Companion Application and Turn Off IPNetSentry.
Launch SimpleText. Open the IPNetSentry Config file which resides
in your System Preferences folder.
Add the following line at the end of all the #set commands:
#set\excluded_subnet\192.168.x.0/24
where "x" is a number specific to your IPNetRouter private subnet.
Save the IPNetSentry Config file and close it.
Turn On IPNetSentry through the Companion Application.
Your private machines are now excluded from triggering IPNetSentry,
while all other machines on the outside can trip IPNetSentry's triggers.
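The combined effect of the trigger lines and the excluded subnet can be reasoned about before restarting IPNetSentry. The following Python model is an added example, not Sustworks code: it understands only the line forms quoted on this page, and the subnet value 192.168.5.0/24, the commented-out port 9999 trigger and the source addresses are constructed for illustration.

```python
import ipaddress

# Constructed config fragment; line forms are the ones quoted on this page.
SAMPLE_CONFIG = r"""
#set\excluded_subnet\192.168.5.0/24
+trigger\tcp\137\windows_networking\none
+trigger\udp\137\windows_networking
!+trigger\tcp\9999\constructed_example
"""


def parse_config(text):
    """Return (excluded_networks, triggers) for the lines this model knows."""
    excluded, triggers = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # "!" comments a line out
            continue
        fields = line.split("\\")
        if fields[:2] == ["#set", "excluded_subnet"] and len(fields) == 3:
            excluded.append(ipaddress.ip_network(fields[2]))
        elif fields[0] == "+trigger" and len(fields) in (4, 5):
            proto, port = fields[1].lower(), int(fields[2])
            # A trailing "none" keeps the block but suppresses the alert.
            silent = len(fields) == 5 and fields[4] == "none"
            triggers[(proto, port)] = {"name": fields[3], "alert": not silent}
        # Other #set lines (e.g. public_port_name) are outside this model.
    return excluded, triggers


def evaluate(src_ip, proto, port, excluded, triggers):
    """Model the outcome for one inbound datagram."""
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in excluded):
        return "ignored (excluded subnet)"
    trig = triggers.get((proto.lower(), port))
    if trig is None:
        return "no trigger"
    return "blocked, alert shown" if trig["alert"] else "blocked, no alert"


if __name__ == "__main__":
    nets, trigs = parse_config(SAMPLE_CONFIG)
    # Constructed datagrams: (source address, protocol, destination port)
    for src, proto, port in [("192.168.5.20", "udp", 137),
                             ("192.168.6.20", "udp", 137),
                             ("203.0.113.9", "tcp", 137),
                             ("203.0.113.9", "tcp", 9999)]:
        print(src, proto, port, "->", evaluate(src, proto, port, nets, trigs))
```

Note that a host on a different private subnet (192.168.6.20 here) is not covered by the exclusion and still trips the trigger.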
The IPNetRouter PPP/Remote Access configuration
When sharing a PPP connection, the active TCP/IP control panel
is set up for the private LAN (most often an ethernet LAN). We need
to tell IPNetSentry that it should place its triggers on the public
PPP interface and not on the private LAN interface.
To accomplish this, you must do the following:
Launch the IPNetSentry Companion Application and Turn Off IPNetSentry.
Launch SimpleText. Open the IPNetSentry Config file which resides
in your System Preferences folder.
Add the following line at the end of all the #set commands:
#set\public_port_name\PPP
Save the IPNetSentry Config file and close it.
Turn On IPNetSentry through the Companion Application.
The triggers will now be applied to the PPP port and properly protect
your machine.
The IPNetRouter dual ethernet configuration where the built-in ethernet port is used for your private LAN
IPNetSentry automatically assumes the built-in ethernet port is
used for the public interface. If this is not the case, we need
to tell IPNetSentry that it should place its triggers on the proper
interface (in this case, the added ethernet card).
To accomplish this, you must do the following:
Launch the IPNetSentry Companion Application and Turn Off IPNetSentry.
Launch SimpleText. Open the IPNetSentry Config file which resides
in your System Preferences folder.
Add the following line at the end of all the #set commands:
#set\public_port_name\Ethernet Slot A1
(Ethernet Slot A1 is given as an example. Enter the true name of
your added Ethernet port, as shown in the Interfaces window of IPNetRouter).
Save the IPNetSentry Config file and close it.
Turn On IPNetSentry through the Companion Application.
The triggers will now be applied to the added ethernet interface
(the public interface) and properly protect your machine.