Sustainable Sustworks - Tools for Internet Travel
Inspired Tools for the Mac
Search





 




Frequently Asked Questions

 

  1. What type of Internet connections can IPNetSentry protect?
  2. My Internet Service Provider assigns me a private IP address. They claim I do not need any other protection software. Is this true?
  3. I am getting continually hit with Port 137 Intrusions (Windows Networking). What are these and what can I do?
  4. I get a "server cannot connect" to my machine message. What is wrong?
  5. What is the current status on IPNetSentry?
  6. Will IPNetSentry work with IPNetRouter for Internet Sharing?


What type of Internet connections can IPNetSentry protect?

IPNetSentry will work with almost ALL Internet connections and your Macintosh.

You should definitely consider using some type of Internet security software with almost all high-speed Internet services. This includes cable modem, DSL and ADSL modems, T1 lines, and other Internet services which are constantly connected and/or offer throughputs greater than about 128 kbits/sec to the Internet.

Theft and other forms of security risks over a slower dialup modem are not quite as great as that over a higher speed connection. A short dialup phone connection to the internet is not much of a security risk and you might not need IPNetSentry in that configuration if that's generally how you use your home modem connection. If you leave your dialup configuration on for long periods of time you should consider getting IPNetSentry, especially if you use our IPNetRouter product for Internet Sharing.

IPNetSentry can also suppliment security on an IPNetRouter gateway.

Top


My Internet Service Provider assigns me a private IP address. They claim I do not need any other protection software. Is this true?

Yes and no. Having a private IP address (examples: 10.1.1.34, 172.17.3.45, 192.168.1.35) does offer you some protection from anyone outside of your ISP's network trying to connect to your machine. BUT someone within the ISP's network can still attempt to connect to your machine (because they are on the same private network as your machine).

For this reason, it is still wise to run a security application such as IPNetSentry on your Macintosh.

Top


I am getting continually hit with Port 137 Intrusion alerts (Windows Networking). What are these and what can I do?

Your ISP is passing other user's chatty Windows Networking datagrams ...which really are not a threat to the Mac user. They are more of a nuisance (and waste of bandwidth). Another possible source of these datagrams is the recent (October 2002) "bugbear" and "scrup" worms which invade Windows machines via email attachments. Once again, these intrusions do NOT directly attack Macs, but any such intrusion should certainly be considered an "unwanted guest". For more information regarding the Bugbear worm, please see:

W32.Bugbear@mm or I-Worm.Tanatos

Port 137 Scans

Windows continually broadcasts such datagrams just to see what other Windows are out there (in the "Windows Neighborhood"). Initially we included a trigger in the IPNetSentry Config file which would detect such datagrams and then block any access from these Windows machines. Afterall, most Mac users will have no need to have any Windows users see them on the public network.

There are a couple of solutions to eliminate the intrusion alerts: Both of these solutions are most easily handled if you edit the IPNetSentry Config file with SimpleText. (the IPNetSentry Config file resides in your System Preferences folder).

Once you have this file open, you can make it so that IPNetSentry still detects these Windows networking datagrams, and continues to block these Windows users, but no alerts will appear on your machine. Just add the word "none" to the end of the Windows Networking triggers, i.e.:

change:

+trigger\tcp\137\windows_networking
+trigger\udp\137\windows_networking

to:

+trigger\tcp\137\windows_networking\none
+trigger\udp\137\windows_networking\none

This will still protect against these Windows machines, but will not alert you to the fact that it has done so (although you can always check the IPNetSentry Log file).

OR

You can just remove these triggers by commenting them out. Just put an exclamation point at the beginning of the line:

!+trigger\tcp\137\windows_networking
!+trigger\udp\137\windows_networking

After making any changes to the IPNetSentry Config file, save the file, close it, and Turn Off then Turn On IPNetSentry with the IPNetSentry Companion application. This will invoke the new settings.


I get a "server cannot connect" to my machine message. What is wrong?

If you have been assigned a private IP address by your ISP (or local network administrator) the Configuration and Test section of our IPNetSentry Companion Application cannot make a connection back to your machine. This is normal.

IPNetSentry is still working to protect your Macintosh. The default configuration file, which was placed in your Preferences folder during IPNetSentry installation, provides excellent protection for most Macintosh users:

If you wish to make any changes to this file you can simply edit this file with any text editor (such as SimpleText). Please see our IPNetSentry Command Syntax document for further details on editing this file.

After making any changes to the IPNetSentry Config document you will need to first turn off IPNetSentry then turn it back on in order to invoke the new configuration.

Top


IPNetSentry Development Status (11-Sep-2001)

We are continuing IPNetSentry development. IPNetSentry v1.2 provides significant enhancements over the previous releases. This includes payload inspection capabilities, so that worms such as the Code Red worm can be detected and stopped (even if running a web server).

For registered users, this upgrade is currently provided at no additional cost.

The current status on OS X compatibility, development and pricing, etc. are covered on the Sustworks "Mac OS X Status" web page.

We invite you to subscribe to our NetAnnounce email list to immediately get public product announcements when they are made.

Top


Will IPNetSentry work with IPNetRouter for Internet Sharing?

Yes. The trigger mechanism for blocking port scanning will work in conjunction with IPNetRouter. Simply install the software on the IPNetRouter gateway machine and configure it normally. IPNetRouter users may also want to take advantage of IPNetSentry Applescript support for email/pager notification when an external scan of their gateway machine occurs.

IPNetSentry's security can particularly benefit IPNetRouter gateways sharing a cable/DSL/ADSL modem through a single ethernet port (Internet modem and private LAN clients connected to the same hub/switch). In this particular configuration, you should install IPNetSentry on both your gateway and on any private LAN client you wish to improve security for. For other types of Internet sharing configurations, you need only install IPNetSentry on the IPNetRouter Mac.

In most cases, IPNetSentry and IPNetRouter will run without any special configuration on the same machine. See the "IPNetSentry Compatibility" topic on the IPNetRouter Troubleshooting web page for more compatibility info.

There are three cases, however, where some additional configuration of the IPNetSentry Config file will be necessary. These are:

1. The IPNetRouter single ethernet configuration.

2. The IPNetRouter configuration which is used to share a PPP or Remote Access connection (this includes ADSL connections which use the Remote Access control panel).

3. The IPNetRouter dual ethernet ethernet configuration where the built-in ethernet interface is used for the private LAN and not the Internet connection.

No additional configuration of IPNetSentry is required if you are running IPNetRouter in the recommended dual ethernet configuration with the Internet connection being made through the built-in ethernet port.


The IPNetRouter single ethernet configuration

Because there is only one ethernet port, we need to tell IPNetSentry to ignore triggers from machines on your private subnet (this is the 192.168.x.y subnet. Your value of "x' will be specific to your subnet, and each machine on your subnet will have a unique value of "y").

To accomplish this, you must do the following:

Launch the IPNetSentry Companion Application and Turn Off IPNetSentry.

Launch SimpleText. Open the IPNetSentry Config file which resides in your System Preferences folder.

Add the following line at the end of all the #set commands:

#set\excluded_subnet\192.168.x.0/24

where "x" is a number specific to your IPNetRouter private subnet.

Save the IPNetSentry Config file and close it.

Turn On IPNetSentry through the Companion Application.

Your private machines are now excluded from triggering IPNetSentry, while all other machines on the outside can trip IPNetSentry's triggers.


The IPNetRouter PPP/Remote Access configuration

When sharing a PPP connection, the active TCP/IP control panel is setup for the private LAN (most often an ethernet LAN). We need to tell IPNetSentry that it should place its triggers on the public PPP interface and not on the private LAN interface.

To accomplish this, you must do the following:

Launch the IPNetSentry Companion Application and Turn Off IPNetSentry.

Launch SimpleText. Open the IPNetSentry Config file which resides in your System Preferences folder.

Add the following line at the end of all the #set commands:

#set\public_port_name\PPP

Save the IPNetSentry Config file and close it.

Turn On IPNetSentry through the Companion Application.

The triggers will now be applied to the PPP port and properly protect your machine.


The IPNetRouter dual ethernet configuration where the built-in ethernet port is used for your private LAN.

IPNetSentry automatically assumes the built-in ethernet port is used for the public interface. If this is not the case, we need to tell IPNetSentry that it should place its triggers on the proper interface (in this case, the added ethernet card).

To accomplish this, you must do the following:

Launch the IPNetSentry Companion Application and Turn Off IPNetSentry.

Launch SimpleText. Open the IPNetSentry Config file which resides in your System Preferences folder.

Add the following line at the end of all the #set commands:

#set\public_port_name\Ethernet Slot A1

(Ethernet Slot A1 is given as an example. Enter the true name of your added Ethernet port, as shown in the Interfaces window of IPNetRouter).

Save the IPNetSentry Config file and close it.

Turn On IPNetSentry through the Companion Application.

The triggers will now be applied to the added ethernet interface (the public interface) and properly protect your machine.

Top