CallerIP Frequently Asked Questions
• Do I need CallerIP if I already have a firewall?
• Is CallerIP like an anti-virus program?
• What is a backdoor?
• How can I report a hacker?
• Can I monitor a remote system with CallerIP?
Results and Data
• Why is the IP location sometimes different in CallerIP and VisualRoute?
• Why are the time stamps in the traceroute analysis table incorrect?
• Why do I get a jview application error when running CallerIP?
Q: Do I need CallerIP if I already have a firewall?
A: As the methods of Internet security attacks have become very sophisticated, it is dangerous to assume that a firewall makes your system immune to hackers. Firewalls provide protection by permitting or blocking programs or ports -- a user can allow or disallow a program or port access to the Internet. However, once access has been permitted through a firewall, the program or port is no longer protected -- CallerIP provides added security by reporting exactly what the program is doing even if access has been permitted. This is significant because backdoors can be installed on your system without your knowledge -- possibly by installing a program disguised as a legitimate application, or simply by visiting a legitimate website that has been infected by a virus or worm. CallerIP actively monitors system ports and alerts you to possible backdoor threats, even if they have been permitted by the firewall program. Additionally, many backdoors are known to modify a firewall's configuration so that they remain undetected; CallerIP can recognize suspect activity when a firewall has been compromised.
Q: Is CallerIP like an anti-virus program?
A: CallerIP should be used in addition to a good firewall and anti-virus program. CallerIP provides added protection to anti-virus by identifying suspicious behavior even before a virus scanner recognizes a virus on your system. Anti-virus updates are often not available for days after an attack is identified. For example, a recent worm attack infected several popular web sites and caused visitors to those sites to unknowingly connect to a site in Russia which recorded keystrokes such as passwords and credit card numbers. While it was several days before security patches were available, CallerIP would have instantly shown an anomalous connection to Russia, alerting you to the security risk.
Q: What is a backdoor?
A: A backdoor is a malicious program designed to accept incoming communications to your computer, allowing an attacker to access your files and confidential information without your knowledge. Backdoors are often disguised as legitimate programs and installed on your system without any indication.
Q: How can I report a hacker?
A: In CallerIP, click on the IP address to determine its network provider, and then on the email address, which should open up a new email message (if not, simply copy/paste the email address). As ISPs are overloaded with security complaints, you need to state your case clearly and succinctly, and provide backup information of the attack such as logs showing the activity (such as a firewall and CallerIP log). Logs should clearly indicate the IP address, date and time stamp, and what ports were attempted. Be sure to indicate your time zone so they can determine who an IP was assigned to at the time of attack, and to copy the relevant section of the log into your message (in lieu of sending it as an attachment). If your information is complete, the ISP will likely warn the customer or deactivate the customer's account. If you have been a victim of identity theft, or for more information, refer to the FTC identity theft site.
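The report body described above can be assembled from a log automatically. The following is an added example, not part of CallerIP or this FAQ; the log format, the sample lines and the function name build_abuse_report are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample log in a hypothetical format:
# local date, local time, source IP, destination port, firewall action.
SAMPLE_LOG = """\
2024-03-09 22:14:03 203.0.113.45 3389 BLOCK
2024-03-09 22:14:05 198.51.100.7 443 ALLOW
2024-03-09 22:14:09 203.0.113.45 22 BLOCK
2024-03-09 22:15:41 203.0.113.45 3389 BLOCK
"""

def build_abuse_report(log_text, offender_ip, utc_offset_hours):
    """Return (report_text, sorted_ports) for one source IP.

    Each entry shows the local time with its UTC offset plus the same
    instant in UTC, so the ISP can match it to an address assignment.
    """
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    rows, ports = [], set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != offender_ip:
            continue  # malformed line or a different source address
        local = datetime.strptime(
            parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S"
        ).replace(tzinfo=local_tz)
        utc = local.astimezone(timezone.utc)
        ports.add(int(parts[3]))
        rows.append(
            f"{local.isoformat()}  ({utc:%Y-%m-%d %H:%M:%S} UTC)  "
            f"port {parts[3]}  {parts[4]}"
        )
    if not rows:
        return "", []
    port_list = sorted(ports)
    header = [
        f"Source IP: {offender_ip}",
        f"Log time zone: {local_tz}",
        f"Ports attempted: {', '.join(map(str, port_list))}",
        "Log excerpt (inline, not attached):",
    ]
    return "\n".join(header + rows), port_list

if __name__ == "__main__":
    print(build_abuse_report(SAMPLE_LOG, "203.0.113.45", -5)[0])
```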
Q: Can I monitor a remote system with CallerIP?
A: Yes, you can easily install CallerIP on a remote system and set up automated alarms to notify you by email of a suspect connection. For example, if you have a Windows system that runs the Remote Desktop application, you can run CallerIP on that system and have it send you an email if someone connects to port 3389 (the port used by Remote Desktop). Similarly, you can set up alarms to notify you of a connection from a specific country, or to a specific port, etc.
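The Remote Desktop alarm described above amounts to checking the connection table for established sessions on a watched local port. The following is an added example, not CallerIP's own logic; it goes slightly beyond the text by adding an allowlist of trusted networks, and the sample netstat output and the name watched_port_alerts are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout printed by Windows "netstat -an".
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3389      203.0.113.45:51522     ESTABLISHED
  TCP    192.168.1.20:49731     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.20:3389      192.168.1.5:50110      ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6host]:port') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def watched_port_alerts(netstat_text, watched_ports=(3389,), trusted=()):
    """Return (remote_ip, local_port) for each established connection
    to a watched local port whose peer is outside the trusted networks."""
    trusted_nets = [ipaddress.ip_network(net) for net in trusted]
    alerts = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not an active TCP session.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        _, local_port = split_endpoint(fields[1])
        remote_host, _ = split_endpoint(fields[2])
        if local_port not in watched_ports:
            continue
        remote_addr = ipaddress.ip_address(remote_host)
        if any(remote_addr in net for net in trusted_nets):
            continue  # peer is on the allowlist, no alarm
        alerts.append((remote_host, local_port))
    return alerts

if __name__ == "__main__":
    for ip, port in watched_port_alerts(SAMPLE_NETSTAT, trusted=("192.168.1.0/24",)):
        print(f"ALERT: {ip} connected to local port {port}")
```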
Results and Data
Q: Why is the IP location sometimes different in CallerIP and VisualRoute?
A: CallerIP identifies the location of the network provider (ISP) providing Internet access for the connection to/from your system. The network provider country location is normally the same as the end-user location, although with national providers such as MSN or Earthlink the city location may differ. VisualRoute traces an IP address to its physical city/country location, providing greater accuracy for an end-user location. In VisualRoute locations appearing in black are 'known' locations, while locations appearing in purple are considered best 'guesses', indicating the network provider location.
Q: Why are the time stamps in the traceroute analysis table incorrect?
A: The time stamps in the traceroute analysis table are all supposed to be local; however, there is a known issue in Java itself which can cause the wrong time stamp to be shown.
There's information on this bug here: http://www.petefreitag.com/item/171.cfm
An official bug report was filed with Sun Microsystems (the makers of Java), though it was closed as 'not reproducible' despite evidence to the contrary: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6362432
We would suggest the following:
(1) Please try updating your Java VM. Most customers have found that this solves the problem completely.
(2) If this fails, try switching off the "adjust clock for daylight savings time" option. We have found that this solves the problem under older Java VMs.
If the issue still presents itself then please contact us.
Q: Why do I get a jview application error when running CallerIP?
A: This error occurs on old versions of the Microsoft JVM (3190 and less). CallerIP now requires Sun's JVM.