Archive for 'SCADA Protocols'
What Do VxWorks Vulns Mean?
HD Moore recently published a blog entry highlighting some serious vulnerabilities in VxWorks – an operating system used by a number of field devices in SCADA and DCS. What does and doesn’t this mean?
This has little or no impact on the security of control system field devices. Not because they could not be vulnerable [...]
Author: Dale Peterson
Posted: August 10th, 2010 under SCADA Protocols, Vulnerability Disclosure.
Comments: 3
Automatic Fuzzer Generation
Following up my last post on fuzzing an unknown proprietary protocol, we’ve now got a collection of packet captures to start ripping through to get some semblance of a fuzzer going to send packets to our target. There are a few routes we can go, something as simple as flipping bits and putting garbage data into [...]
Author: Daniel Peck
Posted: May 27th, 2010 under SCADA Protocols.
Comments: none
Auditing Proprietary Protocols in Control Systems
Thanks to the near constant stream of “the sky is falling, these protocols aren’t secure” presentations at security conferences around the globe, everyone is familiar with mainstream ICS protocols, Ethernet IP, DNP3, and of course Modbus, amongst others. And of course it is important to make sure that these protocols are implemented correctly to assure [...]
Author: Daniel Peck
Posted: May 26th, 2010 under SCADA Protocols.
Comments: 3
Android Control System Applications
After reading Daniel’s SCADA Everywhere blog I decided to take a look on the Android marketplace. It appears there is very little control system software available for the Android platform. Of the applications I did find, there were a couple of home automation applications, a model train control application and a MODBUS/TCP application. [...]
Author: Charles Perine
Posted: May 6th, 2010 under Big Picture, Modbus TCP.
Comments: none
S4 Preview: Two Control System Security Protocol and Crypto Primitive Performance Papers
We are two weeks away from S4. Still time to sign up to be a physical or virtual attendee.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail [...]
Author: Dale Peterson
Posted: January 4th, 2010 under S4, SCADA Protocols, Wireless.
Comments: none
OISF Meeting and the next generation of open source IDSs
Last week I had the opportunity to attend the first public planning/brainstorming session for the DHS seeded Open Information Security Foundation and their next generation IDS project. Lots of good discussion, with the first couple hours focusing on the foundation itself, and the rest of the day was spent discussing various features that would be [...]
Author: Daniel Peck
Posted: July 20th, 2009 under DHS, IDS / IPS, SCADA Protocols.
Comments: 1
Quickdraw Enip Preprocessor Example
As a followup to our preprocessor code release, we’re going to put together a few posts detailing the use of a few of the features provided by them.
To begin, we’ll work our way through an example with enip/cip. Let’s say that we wanted to have a log of every time that a successful “Open Connection” request [...]
Author: Daniel Peck
Posted: July 6th, 2009 under DHS Research Project, EtherNet/IP, Quickdraw.
Comments: none
Beta Release: SCADA IDS Preprocessors
We are pleased to announce the beta release of some Quickdraw software components today. Quickdraw is a Digital Bond research project funded by the US Department of Homeland Security (DHS). This beta release is the first three SCADA IDS preprocessors that were the crux of the Quickdraw project. They are:
DNP3
Ethernet Industrial Protocol (EtherNet/IP and [...]
Author: Daniel Peck
Posted: June 25th, 2009 under DNP3, EtherNet/IP, IDS / IPS, Modbus TCP, Quickdraw, SCADA IDS.
Comments: none
Quickdraw Update: Preprocessors and Detection Plugins
It’s been a little while since we’ve had a Quickdraw update, and I wanted to fill everyone in on how we’re doing and the approach we’re using.
As we’ve described before we’re basing the project on the snort 2.8.x tree, and we could do much of the processing and alerting using only the snort rule language [...]
Author: Daniel Peck
Posted: April 27th, 2009 under Quickdraw, SCADA IDS, SCADA Protocols.
Comments: none
OPC UA: Part 5 – Vendor Implementation Security Considerations
During our application assessment of the OPC UA SDK, it was very clear that vendors creating OPC UA clients and servers are going to make a number of choices that affect security of their offerings. All OPC UA servers will not be created equal from a security perspective.
When the fixes from our assessment are completed, [...]
Author: Dale Peterson
Posted: November 12th, 2008 under OPC.
Comments: 7