DoS Exploitation of Allen-Bradley’s Legacy Protocol through Fuzz Testing
Nguyen, Thuy D.
MetadataShow full item record
EtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to implement more agile practices, but it also has exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the EtherNet/IP software of commercial programmable logic controllers (PLC), we uncover a previously unreported denial-of-service (DoS) vulnerability in the Ethernet/IP implementation of the Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC that, if exploited, can cause the PLC to fault. ICS-CERT recently announces this vulnerability in the security advisory ICSA-17-138-03. This paper describes this vulnerability, the development of an EtherNet/IP fuzzer, and an approach to remotely monitor for faults generated when fuzzing.
The article of record as published may be found at http://dx.doi.org/10.1145/3174776.3174780
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Nadeau, John P. (Monterey, California. Naval Postgraduate School, 2007-03);To accommodate the nationâ s escalating demand for natural gas, which is expected to increase 700% by 2030, the natural gas industry will likely build several new liquefied natural gas (LNG) import terminals. The location ...
Efficiency vs. security: information technology consolidations-resilience, complexity, and monoculture Ricker, Jennifer L. (Monterey, California: Naval Postgraduate School, 2018-03);Governmental organizations commonly seek to cut costs and increase efficiency through consolidation and standardization of information technology (IT) infrastructure. This may result in vulnerabilities not typically ...
The significance of consequence assessment applied to the risk based approach of homeland security Proctor, Richard B. (Monterey, California. Naval Postgraduate School, 2008-03);The purpose of this thesis is to challenge the risk based approach of homeland security practice to elevate the significance of consequence during the Homeland Security risk assessment process. The consequence variable ...