ENIP Fuzz: a Scapy-based EtherNet/IP fuzzer for security testing
Nguyen, Thuy D.
MetadataShow full item record
EtherNet/IP is an industrial protocol that is built on top of the TCP/IP protocol suite. Though extending TCP/IP connectivity to industrial control systems (ICS) has enabled operators to implement more agile practices, it also has made ICSs more readily accessible to the outside world. Embedded control systems on Navy afloat and ashore platforms utilize EtherNet/IP, making those platforms prime targets for cyber attack. Fuzzing technology can analyze the message structure of ICS protocols like EtherNet/IP to help inform users on the robustness of the implementation. This thesis explores a proprietary EtherNet/IP implementation to determine its susceptibility to malformed packets. ENIP Fuzz, a Scapy-based fuzzer, was built to test for potential security vulnerabilities in EtherNet/IP implementations. This custom fuzz testing tool verifies the robustness of target applications or devices in handling abnormal input data. Results of this effort revealed a previously unreported vulnerability in an industrial controller commonly used in Navy control systems that causes a Denial of Service (DoS) by a single malformed packet.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Kolbas, Patrick Joseph (Monterey, California. Naval Postgraduate School, 1991-06);This thesis examines the implications for nuclear deterrence between the United States and the Soviet Union brought about by the dramatic changes in the strategic environment during the 1980s. Specifically, it examines the ...
Robust parameter design for agent-based simulation models with application in a cultural geography model Wiedemann, Michael (Monterey, California. Naval Postgraduate School, 2010-06);Robust parameter design (RPD), which has been extensively used in industrial and system design, is used in this thesis to determine where to set controllable factors to achieve the desired response in a social dynamic-driven ...
Birkemeier, Scott M. (Monterey, CA; Naval Postgraduate School, 2018-06);This study combined and modified designs of solar-powered hydrogen generation and compression facilities in order to allow for continuous autonomous operation of a 100-percent renewable hydrogen system. The hydrogen ...