Show simple item record

dc.contributor.advisorGondree, Mark
dc.contributor.advisorNguyen, Thuy D.
dc.contributor.authorTacliad, Francisco
dc.dateSeptember 2016
dc.date.accessioned2018-02-05T18:33:05Z
dc.date.available2018-02-05T18:33:05Z
dc.date.issued2016-09
dc.identifier.urihttp://hdl.handle.net/10945/56714
dc.description.abstractEtherNet/IP is an industrial protocol that is built on top of the TCP/IP protocol suite. Though extending TCP/IP connectivity to industrial control systems (ICS) has enabled operators to implement more agile practices, it also has made ICSs more readily accessible to the outside world. Embedded control systems on Navy afloat and ashore platforms utilize EtherNet/IP, making those platforms prime targets for cyber attack. Fuzzing technology can analyze the message structure of ICS protocols like EtherNet/IP to help inform users on the robustness of the implementation. This thesis explores a proprietary EtherNet/IP implementation to determine its susceptibility to malformed packets. ENIP Fuzz, a Scapy-based fuzzer, was built to test for potential security vulnerabilities in EtherNet/IP implementations. This custom fuzz testing tool verifies the robustness of target applications or devices in handling abnormal input data. Results of this effort revealed a previously unreported vulnerability in an industrial controller commonly used in Navy control systems that causes a Denial of Service (DoS) by a single malformed packet.en_US
dc.description.urihttp://archive.org/details/enipfuzzscapybas1094556714
dc.publisherMonterey, California: Naval Postgraduate Schoolen_US
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.en_US
dc.titleENIP Fuzz: a Scapy-based EtherNet/IP fuzzer for security testingen_US
dc.typeThesisen_US
dc.contributor.departmentComputer Science (CS)en_US
dc.subject.authorsecurity testingen_US
dc.subject.authorindustrial control systemen_US
dc.subject.authorfuzzingen_US
dc.subject.authorEtherNet/IPen_US
dc.subject.authorMicroLogixen_US
dc.description.serviceCivilian, SPAWAR Systems Center Pacificen_US
etd.thesisdegree.nameMaster of Science in Computer Scienceen_US
etd.thesisdegree.levelMastersen_US
etd.thesisdegree.disciplineComputer Scienceen_US
etd.thesisdegree.grantorNaval Postgraduate Schoolen_US
dc.description.distributionstatementApproved for public release; distribution is unlimited.


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record