|
|
Q: Do I need CallerIP if I already have a firewall? A: As the methods of Internet security attacks have become very sophisticated, it is dangerous to assume that a firewall makes your system immune to hackers. Firewalls provide protection by permitting or blocking programs or ports -- a user can allow or disallow a program or port access to the Internet. However, once access has been permitted through a firewall, the program or port is no longer protected -- CallerIP provides added security by reporting exactly what the program is doing even if access has been permitted. This is significant because backdoors can be installed on your system without your knowledge -- possibly by installing a program disguised as a legitimate application, or simply by visiting a legitimate website that has been infected by a virus or worm. CallerIP actively monitors system ports and alerts you to possible backdoor threats, even if they have been permitted by the firewall program. Additionally, many backdoors are known to actually modify a firewall configuration to so it will remain undetected, CallerIP can recognize suspect activity when a firewall has been compromised. Q: Is CallerIP like an anti-virus program? A: CallerIP should be used in addition to a good firewall and anti-virus program. CallerIP provides added protection to anti-virus by identifying suspicious behavior even before a virus scanner recognizes a virus on your system. Anti-virus updates are often not available for days after an attack is identified. For example, a recent worm attack infected several popular web sites, and resulted in visitors to those sites to unknowingly connect to a site in Russia which recorded keystrokes such as passwords and credit card numbers. While it was several days before security patches were available, CallerIP would have instantly shown an anomalous connection to Russia, alerting you to the security risk. A: A backdoor is a malicious program designed to accept incoming communications to your computer, allowing an attacker to access your files and confidential information without your knowledge. Backdoors are often disguised as legitmate programs and installed on your system without any indication. A: In CallerIP click on the IP address to determine its network provider, and then on the email address which should open up a new email message (if not, simply copy/paste the email address). As ISPs are overloaded with security compliants, you need to state your case clearly and succinctly, and provide backup information of the attack such as logs showing the activity (such as a firewall and CallerIP log). Logs should clearly indicate the IP address, date and time stamp, and what ports were attempted. Be sure to indicate your time zone so they can determine who an IP was assigned to at the time of attack, and to copy the relevant section of the log into your message (in lieu of sending it as an attachment). If your information is complete the ISP will likely warn or deactivate the customer's account. If you have been a victim of identity theft or for more information refer to the FTC identity theft site. Q: Can I monitor a remote system with CallerIP? A: Yes, you can easily install CallerIP on a remote system and set up automated alarms to notify you by email of a suspect connection. For example, if you have a Windows system that runs the Remote Desktop application, you can run CallerIP on that system and have it send you an email if someone connects to port 3389 (the port used by Remote Desktop). Similarly, you can set up alarms to notify you of a connection from a specific country, or to a specific port, etc. Q: What do I do if there is a suspect connection on my system? A: First, review the Listening Ports dialog to identify the process name. Is this a program you recognize and know to be legitimate? If not, perform an Internet search on the process name to help identify it and determine if it is a legitimate program. Make sure your anti-virus software is up-to-date with the latest updates available from the anti-virus software vendor, and run a full scan on your system. Most modern virus scanners such as Norton Antivirus or McAfee VirusScan are able to detect backdoors. Make sure you are up-to-date with critical patches to your operating system, web browser, email clients, and any other software that may access the Internet. You may update a Microsoft Windows system by using the Microsoft Windows Update site, and installing any critical updates. Q: Why is the IP location sometimes
different in CallerIP and VisualRoute? A: CallerIP identifies the location of the network provider (ISP) providing Internet access for the connection to/from your system. The network provider country location is normally the same as the end-user location, although with national providers such as MSN or Earthlink the city location may differ. VisualRoute traces an IP address to its physical city/country location, providing greater accuracy for an end-user location. In VisualRoute locations appearing in black are 'known' locations, while locations appearing in purple are considered best 'guesses', indicating the network provider location. Q: Why do I get a jview application error when running CallerIP? A: This error occurs on old versions of the Microsoft JVM (3190 and less.) Upgrade your JVM to build 3191 or 3239+ (for Win 2000 users that is service pack 1 or greater.) Details. |
