The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for detecting transparent network communication interception appliances, such as firewalls and load balancers.
The functionality of appliances such as firewalls and load balancers, when such components are well-built and properly installed, should be very difficult to discover automatically. One reason for this is network security enforcement. In order to thwart malicious activity, firewalls and load balancers should appear to simply be another device (e.g., router or server) in the computing network. Furthermore, legitimate discovery mechanisms use management connections to discover what elements are present in the network. Due to security mechanisms, only authorized clients are permitted to make management connections. In many instances, it may be hard to obtain the credentials to make such secure connections, which still leaves firewalls and load balancers hard to detect. Even apart from security, firewalls and load balancers behave like general network components, such as servers or routers, from the viewpoint of discovery mechanisms that may not require security credentials. This is especially true since their unique functionality, especially in the context of data centers, is transparent to end users and is not affected by legitimate discovery techniques.