Masking Networks :: Masking Shunt MS-100SC

By: Masking Shunt  06-Dec-2011

Masking Networks :: Masking Shunt MS-100SC

Our current product, the MS-100SC “Masking Shunt” is an inline appliance that masks the Layer 2 presence and identity of another inline appliance such as a firewall or intrusion prevention system. It modifies Ethernet packet headers entering and leaving the device by replacing the true MAC address of the device with clone MAC addresses harvested from other devices upstream and downstream of the device respectively. It also decrements the Layer 3 “Time-to-Live” value in order to hide the network hop of the masked device. The effect is to make the firewall or other protected device completely invisible at Layer 2.

The MS-100SC has been through extensive functional and compatibility testing by the U.S. Department of Defense, starting in 2007 and continuing until 2009. The Defense Information Systems Agency (DISA) deployed it to mask a rack of Sidewinder firewalls in their own facility and approved it for .MIL operational networks. It is designed to operate at full wire speed, be fully compatible, easy to install, and highly resistant to attack. It has no MAC address of its own and no web interface or operating system, making it virtually invisible on the network. The MS 100 is in production, has been through functional and compatibility testing by the US Department of Defense, and is available for government purchase. .

Contact Masking Shunt

Email - none provided

Print this page

Other products and services from Masking Shunt


MS 200 – The Next Generation

Our next generation MS-200 operates as a masking switch and meets the high performance requirements to mask high performance multi-port inline security devices and other critical systems. The MS-100SC succeeded in proving the feasibility of network masking and in identifying the customer and market requirements to commercialize the next generation MS-200 product family.


Masking Networks :: Masking a Firewall

This effectively blinds the cyber attacker by masking the identity and presence of firewalls, servers, virtual machine managers, LAN segments, IDS and other critical devices while maintaining full network compatibility and performance. The MS-200 operates as a masking switch and dynamically masks the network addresses of all devices directly connected to its ports. The following link shows the example of masking a multiport firewall.