1. Field of the Invention
The present invention relates generally to the data processing field and, more particularly, to network security. Still more particularly, the invention pertains to a method, apparatus, and program for extracting an echo response from a snooping device in a network data processing system.
2. Description of the Related Art
A great deal of effort is directed to developing network security products that detect and respond to security threats. The two most common techniques used by hackers are port scans and network snooping. Network snooping is particularly dangers because the snoop passively listens on the network to all traffic and gathers information on user identifications and passwords.
The problem of detecting someone snooping on the network may be understood by considering a group of people sitting around a dinner table. The people are blindfolded. Each person can talk to the others through direct conversation. Everyone agrees that they will not listen in on any conversation not directed to him. However, a rogue participant may sit at or near the table and eavesdrop on all of the conversations. Additionally, the rogue may speak in a legitimate manner at the table. The people may not know of the rogue's presence. Even if they did know of the presence of the rogue, they would not know the identity of the rogue.
In a similar manner, a hacker may modify a computer device to eavesdrop on network traffic. For example, a temporary employee may set up a computer in snoop mode to record user identifications and passwords. With a valid user identification and password, a hacker could gain access to sensitive information, for example. A hacker may hide in a stairwell with a laptop computer, within range of a wireless router, and steal confidential information.