Designing Electronic Devices with Awareness
NetChime Research announced today the release of the NetChime ver 1.0 Network Tonalizer. This device listens to the network traffic flowing over a network, analyzes the packets and generates a short sound for each packet transmitted. The purpose is to make computer users aware of what is happening on their networks. The types of sounds generated depend on characteristics of the packets transmitted. This enables a user to perceive how a computer is communicating with other systems without having to interpret detailed displays from standard packet capture and analysis tools. Consequently, a user can be made aware that something unusual is happening with his or her system. The device has been designed to generate appealing sounds similar to those generated by a windchime, and like a windchime, the Network Tonalizer only makes noises when something is happening in the environment where it is located.
Unlike a windchime, the Network Tonalizer responds differently depending on the subtlest of changes in the environment. For example, the sounds the device makes when the user is web surfing are quite different from the sounds that are made when the user is transfering a file with ftp or connecting to another computer using a tool like telnet. The user quickly recognizes which sounds are associated with particular activites. Also, the user recognizes that there are many times when the device is quiet. These quiet times correspond to times when the user is not commanding the computer to do anything with the network. Consequently, when the Network Tonalizer starts making unusual noises at inappropriate times, the user is alerted that something has changed.
These changes can be indicative of malware or network based attacks and allow the user to understand what activities may have triggered an attack. For example, the user may open a pdf file containing some malware, and find that the Network Tonalizer immediately begins generating noises that weren't present before.
Alternatively, the user may have installed some "free" software on his computer and find that a sound now occurs everytime he types a key on his keyboard. This would be a good clue that the installation included a malicious keystroke capture program.
Because network traffic can be quite voluminous, the Network Tonalizer overlaps sounds on top of one another, and also filters out highly redundant sounds that might make it difficult to hear the more unusual traffic that could be cause for alarm. Jeff Flynn, product manager for NetChime Research says "One can think of this like rain falling on a tin roof. A single drop can be heard, and a rainshower can be heard, but, in the case of the Network Tonalizer, the noise of the rain never gets so loud that one cannot hear the dog barking, the front door opening and an intruder entering the house. Of course when it comes to hearing traffic on our networks, most of us don't hear anything. Most of us are in a situation similar to that of a deaf person who is unable to hear an intruder enter his home."
NetChime Research is marketing these devices initially to individuals and companies involved in Malware Reverse Engineering (MRE) and Computer Network Defense (CND). Currently, the Network Tonalizer is priced at less than $1000. NetChime Research is also developing a similar product for the home computer user market.