Sustainable Softworks

MESSAGE

Testing IPNetSentryX

This page provides a test platform for IPNetSentryX, letting you simulate an intrusion into your Mac OS X system.

Requirements:

You must have IPNetSentryX installed and running on your machine to perform these tests.

If you just installed IPNetSentryX, then launch it, authorize it (if this is the first time running), click the "Apply" button, and turn on the firewall by checking the "Firewall Enabled" checkbox.

Description:

You will be able to simulate an attempted intrusion into your Macintosh.

There are four different "attack" servers from which to test IPNetSentryX. Each test server has a unique IP addresses which is different than the IP address of our main Sustworks.com site. Hence, even though these tests will trigger IPNetSentryX and install filters which will block further communication between your Macintosh and one or more of these test servers, these filters will not impare your ability to connect to our main Sustworks.com web site (nor any other web site).

As you proceed from step to step, the results of your actions will be displayed in another browser window. Please return to this page to continue testing.

Step 1. Select a test server from which you will run the tests and trigger Net Sentry. Each test server can be considered a remote "intruder".

Test Server:

Step 2: Run a Ping test from this server by clicking the "Ping " button. This will demonstrate that the test server can indeed reach your machine (before triggering an IPNetSentryX filter). This test assumes that you HAVE NOT added the ICMP filter to your IPNetSentryX configuration. IF you have added an ICMP filter to your IPNetSentryX configuration, goto directly to Step 3. (note that the default IPNetSentryX configuration does NOT contain the ICMP trigger).

This initial Ping test should demonstrate that a remote machine (in this case one of our test servers) can indeed reach your Mac OS X machine with zero packet loss.

Step 3. Using the popup menu below, choose a service to test (attempt intrusion).

you can directly enter a protocol and port to test .

Typical services an intruder would look for include a SMTP (email) server (TCP Protocol - Port 25), a SNMP server (remote network management TCP Protocol - Port 161) , a Telnet server. (TCP Protocol - Port 23) a DNS server (UDP Protocol - Port 53), or the Remote Procedure Call service (SunRPC Service, TCP and UDP Protocols, port 111).

The default IPNetSentryX configuration installs triggers and alerts for :

Finger Print (TCP or UDP - 0 to 5)
Echo (UDP - 7)
SMTP (TCP - 25)
SNMP (TCP - 161)
Telnet (TCP - 23)
DNS (UDP - 53)
DHCP Server (UDP - 67)
FINGER (TCP - 79)
POP3 (TCP - 110)
SunRPC (TCP - 111)
LPR (TCP - 515)
SOCKS (TCP - 1080)
NFS (TCP or UDP - 2049)

You should test with one of these services if you are using the default IPNetSentryX configuration.

Select Service

Or Enter
Protocol (tcp or udp)	Port Number (1 - 65535)

Step 4. After choosing a service or entering a Protocol and Port Number, click the "Attempt Intrusion" button.

If you have applied the default configuration to IPNetSentryX and have the Firewall Enabled checked, then you should have been notified of the intrusion attempt through an alert box.

Step 5. Run another Ping test from this server by clicking the "Ping" button.

This should demonstrate that the "Intruder" is now completely blocked from accessing your Macintosh, and cannot even Ping your machine (your machine is essentially invisible to this Intruder). This is exhibited with a 100% packet loss during a ping test from the test server.

Repeat these steps using the other test servers.

These tests demonstrate that IPNetSentryX immediately blocks remote machines when they try to intrude into your system. This is further shown in the IPNetSentryX Log Viewer window (which can be opened under the "Tool" menu).

� 2000-2003 Sustworks