 |
|
NetAlert 2001 (Version 5.0)
Your personal early warning system
|
Contents
NetAlert is a "watchdog" program from the ReallyGood Software
Company that sits in your system tray and monitors all of your
TCP/IP ports. It serves as an early warning security system to help
protect you from hackers by not only detecting connections with
remote hosts, but telling you who has initiated the connection,
whether you are on the Internet or on a Corporate Network.
NetAlert gives you the option of ignoring commonly used ports and
alerts you when a connection is detected on a monitored port. It is
easy to run and has install and uninstall support as well as a log file
with an auto archive option.
Back to the top
If you have downloaded the file nasetup.exe from the ReallyGood
website, simply run the executable file to install NetAlert on your
system.
You will be prompted for a location to load the program files on your local
system and an icon will be created on your desktop.
Back to the top
When you run NetAlert (na2001.exe) it will be auto-minimized to an
icon in your system tray at the bottom right hand corner of your screen until an alert
comes in. Right-clicking on this icon with your mouse will bring up
the NetAlert menu.
NetAlert System Tray Icon
|
|
NetAlert Menu
|
Pressing "Show" from the NetAlert menu displays the main results
screen. This is also the screen which pops up when a connection is detected.
NetAlert Pop Up Window (Results)
The Category column relates to the type of connection. Values in
this column are: WWW, POP3, SMTP, FTP, Telnet, NNTP and
INTRUDER.
The Remote Computer column will either display the remote computer name or it's
IP address, depending on the settings you have on the Options screen (See
section 3.3).
A red tick in the In/Out column indicated that the connection was initiated
by your system, a yellow exclamation mark indicates that it was initiated by a remote
system.
Some browser connections initiated by your system will show as incoming because different pieces of the data sent back to your
system are sent to different local ports. Generally it is safe to ignore the browser port (WWW= port 80). This can be done from the
Options screen.
The column widths on the Results Screen can be resized by placing
the cursor on the black column heading and dragging the mouse to
the required size. However, the overall size of the NetAlert window
is fixed.
Selecting various tabs at the bottom of the results window allows you to view the options windows.
Back to the top
Selecting the Log Options tab brings up the following
screen:
Log Options
You can choose to manually archive your log files or automatically
archive them daily, weekly or monthly. The log file is a comma delimited
text file, which can easily be viewed using Microsoft Excel or similar
applications.
Back to the top
Selecting the Options tab, brings up the following screen:
Standard Port Monitoring
To activate any changes to the port monitoring list, you
must close NetAlert by selecting "Close" from the NetAlert
menu and then restart the program.
The default is for all ports to be monitored. By un-checking the
boxes on the left hand side of the screen you can choose to ignore
commonly used ports such as:
- Pop3 (110) [Mail]
- SMTP (25) [Mail]
- FTP (21) [File Transfer Protocol]
- Telnet (23) [Used to initiate connections to remote hosts]
- WWW (80) [Web Browser]
- NNTP (119) [News Groups]
In the example above, the user has chosen to ignore several known
ports (110, 25, 21, 80 and 119).
By ignoring some or all of the known ports, you are still protecting
your system from almost all hacking attempts, without the
annoyance of NetAlert constantly popping up and beeping.
If you
wish to monitor all ports, you can choose to stop NetAlert from
popping or beeping by checking the "Don't Beep" and/or "Don't
PopUp" boxes.
When the "Auto Resolve DNS" box is clicked, NetAlert will
automatically convert the IP address into the network name of the remote system
in the results screen to help you to determine if the connection is friendly or
not. For example in the screen shot in section 3.1, the screen shows
"INTRUDER" because a non-standard port was used, but the resolved name
shows that the user has simply connected to Hotmail.
We recommend that the Auto Resolve DNS feature be used.
By clicking the "Show Last Connection" box, you are activating the
Display Window.
The NetAlert Display window shows the details of the most recent
connection to your system. The initial display is shown below:
The IP address of the most recent connection is shown in the
display window when a connection alert is displayed.
Back to the top
TCP/IP Ports (Known Services)
NetAlert lists all the known services that utilise the TCP/IP Ports on
your computer. This will allow you to determine if a detected connection is an
attack, or the result of an action on your behalf. For example if you are
transferring files via ftp, you may get a connection on port 20 and port 21 of
your computer.
BEWARE ! Hackers often use the known ports to try to escape detection. If you are unsure of the origin of a connection, you should disconnect from the network.
NOTE: This window is for information only - checking or unchecking the boxes has no effect on the program
operation.
Back to the top
TCP/IP Ports (Known Intruders)
The Known Intruders list shows the ports used by well known viruses and
hackers, so that you can see the likely culprit when you detect an
intruder on your system.
When an unauthorized connection is detected by NetAlert, it is recommended that you log off immediately to break the
connection and minimize the damage to your system.
NOTE: This window is for information only - checking or unchecking the boxes has no effect on the program
operation.
Back to the top
Selecting the Extras tab, brings up the following screen:
Optional Port Monitoring
Many people have asked us to have the ability to ignore particular ports or IP addresses that they commonly use in their systems, so here is where you do it.
To ignore individual ports or IP addresses, simply add them to the appropriate list and they will be ignored by NetAlert.
To activate any changes to the port monitoring list, you
must close NetAlert by selecting "Close" from the NetAlert menu and then restart the program.
Back to the top
Selecting the Notify Me tab, brings up the following screen:
Email Notification
Many people have asked us to have the ability to receive email notification of system intrusions to allow them monitor their systems
remotely.
To be able to use this feature you must have access to an email SMTP
server. Most ISP's provide you with a POP Server for incoming mail and an
SMTP Server for outgoing mail. For details on your SMTP server name refer to
your ISP.
Back to the top
Remember, whether it's a competitor trying to steal your files, an
Administrator trying to monitor your computer or a hacker trying to
upload a virus onto your system, you have the right to stop it and
NetAlert 2001 is here to help you.
What do I do if the word INTRUDER? appears in the category column?
A suspicious connection has been detected on a port not commonly
used. NetAlert does not disconnect the remote host from your system. When you receive
an intruder alert message, we recommend that you attempt to determine if the
connection relates to an action you have initiated, if it doesn't then it may well
be someone trying to hack into your system.
If you suspect that someone is attempting to hack into your system, it is wise to disconnect from the
Internet or which ever network you are connected to, so as to break
the connection.
What is a DNS?
DNS stands for Domain Name Server. Every computer connected to the internet has
an IP (Internet Protocol) address. A Domain Name Server
provides a correlation between the computer's network name and it's IP address.
Not all computers have network names and in this instance NetAlert will simply
display the computer's IP address even when the resolve DNS box is ticked.
If NetAlert displays a resolved domain name, how can I find out the
remote system's IP address?
If you have the "Show Last Connection" box checked on the options
screen, you should see the NetAlert display at the top of your screen, this will
show the IP address of the last connection (see section 3.3).
If the system you want to find out about was not the last connection, or you did
not have the show last connection set, then you should note the time of the
connection from the results screen and look in the NetAlert.log file which is
located at the destination you have specified in the log options screen (see
section 3.2).
Back to the top
If you have a question that hasn't been answered in this document, email us
here for further information:
Back to the top
NetAlert is distributed as Shareware with a free 15 day evaluation period. After the evaluation period has expired, the trial version will cease to function.
If you find this program useful and would like to continue to use it beyond the evaluation period, single user licenses can be purchased for only
$45 US.
Click here for details on how to register NetAlert.
If you choose to use your credit card, you will be given the option of Secure Online Sales, Phone Sales or Fax Sales. Postal Sales using money orders are available for those who do not wish to use a credit card.
We will send you a registration code and an activation key via email upon receipt of your registration fee.
Registered users of our programs are eligible for full support from The ReallyGood Software Company.
(c) 2001 The ReallyGood Software Company