Frame-based communications protocols may embed device-specific data in the frame. For example, in 100BASE-TX Ethernet the source address (SA) field of every frame carries the sender's 48-bit media access control (MAC) address, sometimes called the MAC originating address. The first three octets of that address form an organizationally unique identifier (OUI) that the IEEE assigns to the manufacturer of the network interface, so a MAC address reveals the vendor of the hardware and, where a vendor allocates address blocks per product line, hints at the product or model as well. This is invaluable information to an attacker. Capturing the MAC originating address requires no special skill: any host on the same layer-2 segment sees it in every frame the device sends (across a router, only the router's own MAC address is visible). Capturing a firewall's MAC originating address therefore gives an attacker a starting point for attacking the system the firewall protects, since it identifies the product in front of that system. Numerous other network devices, such as network interface cards, expose a MAC originating address in the same way.
The first phase of an attack on a network is discovery (reconnaissance), in which the attacker gathers passwords, IP (Internet Protocol) addresses, or the network's topology, whether by dumpster diving, by sniffing traffic on the network, or by performing a network scan. In the course of such sniffing or scanning, the firewall's MAC originating address can be captured, identifying the manufacturer of the firewall's network interface(s) and narrowing down its model.
One attempt to conceal the firewall's MAC originating address is to spoof (fake) it, since the communication standards require every frame to carry a source address. However, transmitting with a fabricated MAC originating address does not generally conceal the device or render it invisible: a spoofed address still appears in every frame, and a pattern of addresses that are invalid (for example, with the locally administered bit or the group bit set, or with an OUI registered to no manufacturer) or that change over time can eventually be detected.
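The following is an added example, not code from the patent text, showing what the source address field of an Ethernet frame gives away and how a pattern of spoofed or invalid addresses becomes detectable. It parses Ethernet II frames, decodes the I/G (group) and U/L (locally administered) bits of the source MAC, and looks the OUI up in a small constructed vendor table; the frames and the abridged OUI table are constructed for the example (a real tool loads the IEEE MA-L registry), and the function names are the example's own.

```python
"""Added example: decode what an Ethernet source address reveals and flag
addresses whose pattern betrays spoofing. Frames and OUI table are constructed."""
import struct

# Abridged, constructed OUI table; a real tool loads the full IEEE MA-L registry.
OUI_TABLE = {
    "00:00:0c": "Cisco Systems",
    "00:50:56": "VMware",
    "08:00:27": "Oracle VirtualBox",
}


def parse_ethernet(frame: bytes):
    """Return (dst, src, ethertype, payload) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def classify_source_mac(src: bytes) -> dict:
    """Decode the 48-bit source address.

    Bit 0 of the first octet is I/G (1 = group/multicast): never valid as a source.
    Bit 1 is U/L (1 = locally administered): typical of spoofed or virtual addresses.
    The first three octets (OUI) identify the vendor; nothing in the address itself
    encodes a model number, so the vendor is all a registry lookup can return.
    """
    first = src[0]
    locally_administered = bool(first & 0x02)
    return {
        "mac": mac_str(src),
        "multicast_source": bool(first & 0x01),
        "locally_administered": locally_administered,
        # A locally administered OUI carries no vendor meaning, so do not look it up.
        "vendor": None if locally_administered else OUI_TABLE.get(mac_str(src[:3])),
    }


def suspicious_sources(frames) -> dict:
    """Map each suspicious source MAC to the reasons it was flagged: the
    'pattern of invalid addresses' that eventually betrays a spoofing device."""
    findings = {}
    for frame in frames:
        _, src, _, _ = parse_ethernet(frame)
        info = classify_source_mac(src)
        reasons = []
        if info["multicast_source"]:
            reasons.append("multicast bit set in source address")
        if info["locally_administered"]:
            reasons.append("locally administered address")
        elif info["vendor"] is None:
            reasons.append("OUI not in registry")
        if reasons:
            findings.setdefault(info["mac"], reasons)
    return findings


def build_frame(dst: bytes, src: bytes, ethertype: int = 0x0800,
                payload: bytes = b"\x45" + b"\x00" * 19) -> bytes:
    """Assemble a minimal Ethernet II frame (constructed test input)."""
    return struct.pack("!6s6sH", dst, src, ethertype) + payload


BCAST = b"\xff" * 6
SAMPLE_FRAMES = [  # constructed sample traffic
    build_frame(BCAST, bytes.fromhex("00000c123456")),  # Cisco OUI, universally administered
    build_frame(BCAST, bytes.fromhex("005056abcdef")),  # VMware OUI
    build_frame(BCAST, bytes.fromhex("02deadbeef01")),  # locally administered: spoofed or virtual
    build_frame(BCAST, bytes.fromhex("01005e000001")),  # group bit set: never a legitimate source
    build_frame(BCAST, bytes.fromhex("123456789abc")),  # OUI absent from the abridged table
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(classify_source_mac(parse_ethernet(f)[1]))
    print(suspicious_sources(SAMPLE_FRAMES))
```

Note that 12:34:56:... is flagged as locally administered, not as unregistered, because 0x12 has bit 1 set; that is exactly the bit a spoofed address typically gives away, whether or not the attacker chose a plausible-looking OUI.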
It is now possible with Linux and OpenBSD to build transparent bridging firewalls. What all bridges have in common is that, although they sit in the middle of the connection between two machines, neither machine knows the bridge is there. Ethernet bridging takes place at Layer 2 (the data link layer) of the OSI reference model. A Linux or OpenBSD bridge needs no IP address and, because it forwards frames unchanged rather than sourcing frames of its own, need not reveal its Ethernet (MAC) address either. The only telltale signs that a filter might be present are that latency is somewhat higher and that some packets never reach their destination. While the Linux/OpenBSD solution functions as intended, it is operating-system dependent, is vulnerable to tampering or compromise like any general-purpose host, and is not easily adapted to a variety of network devices and applications.
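To make the transparency property concrete, the following added example (written for this page; it is not the Linux or OpenBSD bridge code) models a two-port learning bridge with a TCP-port filter. The bridge has no MAC or IP address, learns which port each host sits on, forwards frames byte for byte, and silently drops what the filter rejects, so the only observable effect on either host is missing traffic. The `TransparentBridge` class, the port names, the host MACs and the frames are all constructed for the example; `eth_hdr` is a minimal repeat of an Ethernet II header parse.

```python
"""Added example: a model transparent filtering bridge with no identity of its own."""
import struct

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
IPPROTO_TCP = 6


def eth_hdr(frame: bytes):
    """Split an Ethernet II frame into (dst, src, ethertype, payload)."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]


def tcp_dst_port(payload: bytes):
    """TCP destination port of an IPv4 payload, or None if it is not IPv4/TCP."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4
    if payload[9] != IPPROTO_TCP or len(payload) < ihl + 4:
        return None
    return struct.unpack("!H", payload[ihl + 2:ihl + 4])[0]


class TransparentBridge:
    """Hypothetical learning bridge: never sources a frame, never answers ARP,
    holds no address of its own, so there is nothing for a host to discover."""

    def __init__(self, ports, blocked_tcp_ports):
        self.ports = list(ports)
        self.blocked = set(blocked_tcp_ports)
        self.fdb = {}        # learned source MAC -> ingress port (hosts only)
        self.dropped = 0

    def receive(self, in_port, frame):
        """Return the list of (egress port, frame) pairs to transmit."""
        dst, src, ethertype, payload = eth_hdr(frame)
        self.fdb[src] = in_port                          # learn the sender's port
        if ethertype == ETH_IPV4 and tcp_dst_port(payload) in self.blocked:
            self.dropped += 1
            return []                                    # silent drop: no RST, no ICMP
        if dst[0] & 0x01 or dst not in self.fdb:         # group address or unknown unicast
            targets = [p for p in self.ports if p != in_port]
        elif self.fdb[dst] == in_port:                   # destination is on the ingress side
            targets = []
        else:
            targets = [self.fdb[dst]]
        return [(p, frame) for p in targets]             # frame leaves unmodified


def ipv4_tcp_frame(dst_mac, src_mac, dport, sport=40000):
    """Constructed IPv4/TCP frame with a minimal 20-byte IP and 20-byte TCP header."""
    ip = (bytes([0x45, 0x00]) + struct.pack("!H", 40) + b"\x00" * 4
          + bytes([64, IPPROTO_TCP]) + b"\x00\x00"
          + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HH", sport, dport) + b"\x00" * 16
    return struct.pack("!6s6sH", dst_mac, src_mac, ETH_IPV4) + ip + tcp


def arp_request_frame(src_mac):
    """Constructed broadcast ARP request (body contents irrelevant to the bridge)."""
    return struct.pack("!6s6sH", b"\xff" * 6, src_mac, ETH_ARP) + b"\x00" * 28


HOST_A = bytes.fromhex("00000c0000aa")   # constructed inside host
HOST_B = bytes.fromhex("0050560000bb")   # constructed outside host


def demo():
    br = TransparentBridge(["inside", "outside"], blocked_tcp_ports={23})
    flooded = br.receive("outside", ipv4_tcp_frame(HOST_A, HOST_B, 443))   # A unknown: flood
    unicast = br.receive("inside", ipv4_tcp_frame(HOST_B, HOST_A, 40000))  # B learned: forward
    telnet = br.receive("outside", ipv4_tcp_frame(HOST_A, HOST_B, 23))     # policy drop
    arp = br.receive("outside", arp_request_frame(HOST_B))                  # flooded, never answered
    return br, flooded, unicast, telnet, arp


if __name__ == "__main__":
    bridge, *results = demo()
    print(results, "dropped:", bridge.dropped, "learned:", bridge.fdb)
```

Every forwarded frame compares equal to the frame that entered, and the forwarding table only ever contains host addresses, which is the property the text relies on: the hosts see each other's MAC addresses, never the bridge's. A real deployment adds what this model omits (spanning tree, VLAN tags, stateful inspection), but none of that requires the bridge to originate a frame.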
In view of the above, there is a continuing need for a device masking shunt to assist in providing a transparent bridging function that is independent of an operating system (in other words, does not use or require an operating system) and as such would be tamper proof. The transparent bridging function can then be used to hide firewalls (or other devices or networks), monitor traffic, or provide a redundancy switch-over function.
Additionally, there is a continuing need for a firewall that can be configured in promiscuous mode to pass IP traffic straight through and that does not divulge its MAC address in response to any IP-level request (for example, an ARP request for an IP address).
Furthermore, there is a continuing need for a device masking shunt that can be used defensively to aid in securing a network, and that both monitors the operation of a firewall and automatically takes corrective action in the event of failure or network saturation.
As will be seen more fully below, the present invention is substantially different in structure, methodology and approach from that of the prior bridging devices.