ENIP Fuzz: a Scapy-based EtherNet/IP fuzzer for security testing
Nguyen, Thuy D.
MetadataShow full item record
EtherNet/IP is an industrial protocol that is built on top of the TCP/IP protocol suite. Though extending TCP/IP connectivity to industrial control systems (ICS) has enabled operators to implement more agile practices, it also has made ICSs more readily accessible to the outside world. Embedded control systems on Navy afloat and ashore platforms utilize EtherNet/IP, making those platforms prime targets for cyber attack. Fuzzing technology can analyze the message structure of ICS protocols like EtherNet/IP to help inform users on the robustness of the implementation. This thesis explores a proprietary EtherNet/IP implementation to determine its susceptibility to malformed packets. ENIP Fuzz, a Scapy-based fuzzer, was built to test for potential security vulnerabilities in EtherNet/IP implementations. This custom fuzz testing tool verifies the robustness of target applications or devices in handling abnormal input data. Results of this effort revealed a previously unreported vulnerability in an industrial controller commonly used in Navy control systems that causes a Denial of Service (DoS) by a single malformed packet.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Kolbas, Patrick Joseph (Monterey, California. Naval Postgraduate School, 1991-06);This thesis examines the implications for nuclear deterrence between the United States and the Soviet Union brought about by the dramatic changes in the strategic environment during the 1980s. Specifically, it examines the ...
Robust parameter design for agent-based simulation models with application in a cultural geography model Wiedemann, Michael (Monterey, California. Naval Postgraduate School, 2010-06);Robust parameter design (RPD), which has been extensively used in industrial and system design, is used in this thesis to determine where to set controllable factors to achieve the desired response in a social dynamic-driven ...
Automated control of a solar microgrid-powered air compressor for use in a small-scale compressed air energy storage system Williams, Joshua N. (Monterey, California: Naval Postgraduate School, 2017-06);As part of the Office of Naval Research's study of advanced energy technologies, this research examined the development and implementation of a control system for the compression phase of a small-scale compressed air energy ...