Sustainable Sustworks - Tools for Internet Travel
Inspired Tools for the Mac



IPNetSentry is a Faceless Background Application (FBA) which silently monitors suspicious activity on your Internet connection. Such activity would typically include attempted connections to mail servers (for spam), Telnet ports (for remote logins), network control (to configure routers), etc. Your Macintosh does not have to be running these services. These are simply "trigger services" set by IPNetSentry awaiting to be tripped by an unsuspecting intruder. In addition, IPNetSentry can easily be configured to let selected remote users access your Mac. For example, you might wish to share sensitive files with a remote colleague (using Apple's TCP/IP file sharing built into MacOS 9). With IPNetSentry you can easily permit this single person to access your machine while blocking all others. It offers solid IP filtering security on top of Apple's Groups and Users authentication system.

IPNetSentry comes with a preconfigured set of "triggers" which initially defines "suspicious activity". These triggers are contained with the "IPNetSentry Config" document which is user configurable. This way you can readily build your own configuration document defining what you would consider "suspicious activity" (up to 64 different triggers).

How does IPNetSentry differ from most other Macintosh Internet security products? It's probably easiest to see these differences by looking at the following analogy. Let's consider protection of a house. Assume we have two identical houses (A & B) which are to be protected from intruders.


House A
House B

Home owner A decides he will protect his property by surrounding the perimiter of his lot with a brick wall. Not a bad idea at first glance. His house is certainly protected. Homeowner B decides he will protect his property by getting a guard (sentry):

House A
House B

So far, so good. Both solutions seem to do the job. BUT here is where some problems arise. Homeowners A & B both like pizza. They want it delivered. Both also want their mail and newspapers delivered. As well as garbage picked up. And so on. These are all services desired by both families. And it just so happens that each service in this town requires its own unique entrance into the property. As a result, here is what we have after permitting such access:

House A
House B

Home owner A has had to essentially "punch holes" in his brick wall to give various wanted services access to his property. Home owner B, however, has only had to tell his sentry which services are desired. Once instructed, the sentry will permit access to those authorized and deny all others.

And there is more!

The sentry employed by home owner B is also quite clever and fast. As instructed by home owner B, the sentry has setup various trip wires ("triggers") in some of the which the homeowner never intends to use. When an intruder tries to gain access through one of these booby-trapped windows, the sentry is alerted. The sentry then immediately catches the intruder, escorts him off of the property, and bans him from further access. For all others, however, the property can be accessed as if nothing had happened.

The Importance of Payload Inspection

There is one additional feature of IPNetSentry which is not available in any other firewall product for the Macintosh: payload inspection (also known as packet inspection). Here is where this is important. Say you are running a web hosting server. Because you are running a server, you will want to permit incoming connections, typcially on TCP Port 80 (the standard port for web servers). With a typcial firewall, you will simply add a "Pass" filter for ALL datagrams coming in where the destination port equals 80. BUT do you really want to permit all such datagrams? Not really. There are worms out there which specifically target web servers (Nimda, Code Red, etc.), hence you would like to inspect the incoming datagram destined for your server BEFORE granting access. A normal firewall has no way of doing such payload inspection. It is as if the firewall sees that the delivery is from the pizza guy, but never bothers to look in the pizza box. But IPNetSentry can "look into the pizza box" making sure what is being delivered is what is wanted. By doing so, IPNetSentry can uniquely detect and stop Nimda, Code Red, File Maker Pro Hacker access attempts before these datagrams even reach your server(s).

These are the main differences between IPNetSentry and other Macintosh firewall based products. The differences are significant.

You might be asking "But wait...firewalls are well known as security products. Even Sustworks IPNetRouter has firewall capability. So why this different approach with IPNetSentry?"

The reason for the different approach has to do with the number of machines being protected by the security agent.

Firewalls are designed to protect several machines on a LAN (local area network) which is connected to the Internet. They give a network administrator complete control over what Internet services are available from the outside world and who can access these services. For such situations it often makes more sense to have a single administrator setting up a firewall than it does to have everyone on the LAN doing their own thing (especially when it comes to "punching holes" in a firewall...imagine what a mess this could become).

For the single machine user, however, a firewall is most often overkill. It can actually become more of a burden to administer than it is a benefit. Hence IPNetSentry: Simple and intelligent security for your Macintosh.


Up to 64 Triggers (either TCP or UDP protocols, any ports). Pre-configured triggers include:

  • SMTP (TCP - 25)
  • SNMP (TCP - 161)
  • Telnet (TCP - 23)
  • DNS (UDP - 53)
  • BOOTP - DHCP Server (UDP - 67)
  • FINGER (TCP - 79)
  • POP3 (TCP - 110)

Up to 100 aged filters (filters installed after a trigger is tripped). These filters age (time out) after a preset time (which you can set). Aged filters completely ban a potential intruder from accessing your machine.

Up to 100 additional filters for limiting specific access to a service from a specific remote IP address(es). Example: you are running Apple's TCP/IP file sharing. But you only want to give access to this service to one remote machine. IPNetSentry easily lets you do this through Access Filters. Only the remote IP address(es) you designate will be permitted access...all others will be blocked.

Flexible notification modes. Silent operation (no notification). Alert notification (alert box informs you of an intrusion). Browser notification (your browser is taken to a page which provides you with more details regarding the intruder and his/her Internet Service Provider (including contact names and numbers)).

IPNetSentry works in a faceless background mode (it runs, but you do not see it in your list of running applications). A convenient companion application lets you turn Net Sentry Off and On, and provides several other important functions (view trigger log, view aged filters, configure IPNetSentry Config file, etc.). The companion application is only needed when you wish to change or view some feature of the Net Sentry FBA. Normally the IPNetSentry FBA runs unattended and silently in the background.