Preprocessors and Plugins

Digital Bond has developed Snort IDS Preprocessors for a variety of SCADA protocols. The initial three preprocessors are for DNP3, EtherNet/IP and Modbus TCP [currently in beta]. Additional preprocessors are likely to be available later this year.

The SCADA IDS preprocessor, plugins and supporting code are distributed as a gzipped Unix patch file. For those of you who aren’t familiar with this file type, a patch file is essentially a detailed list of the changes and additions between two files or directories. By feeding this file to patch and pointing it at your Snort source code directory, the changes are applied and you have a copy of the SCADA IDS Preprocessor source tree. This is a common process for a UNIX admin, but additional information will be provided in the near future.

The documentation for the SCADA IDS Preprocessors is on Digital Bond’s SCADApedia. The main SCADA IDS Preprocessor Page describes the possible uses of these preprocessors, which include field device security log generation in Quickdraw and deep inspection field firewalls, in addition to use in IDS/IPS rules. More detailed documentation pages linked from that page show precisely how the preprocessors and plugins can be added to the rules and conf files.

The SCADA IDS Preprocessors were developed as part of the US Department of Homeland Security funded Quickdraw research project.
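The patch step described above, written so that the source tree is modified only when the archive is intact and every hunk applies. This is an added example, not Digital Bond's code. The function names, the demo file names and the default strip level of -p1 are assumptions, and GNU patch is assumed for --dry-run.

```shell
#!/bin/sh
# Added example (not Digital Bond's code). File names are placeholders.
# apply_gz_patch PATCH.gz SRC_DIR [STRIP]
#   returns 0 applied, 2 bad arguments, 3 corrupt archive, 4 does not apply
apply_gz_patch() {
    patch_gz=$1
    src_dir=$2
    strip=${3:-1}   # assumption: -p1; must match how the patch was generated

    [ -f "$patch_gz" ] || { echo "no such patch file: $patch_gz" >&2; return 2; }
    [ -d "$src_dir" ] || { echo "no such source directory: $src_dir" >&2; return 2; }

    # 1. Reject a truncated or corrupted download before touching anything.
    gzip -t "$patch_gz" 2>/dev/null || { echo "corrupt gzip archive" >&2; return 3; }

    # 2. Dry run: -f suppresses interactive prompts, nothing is written.
    if ! gzip -dc "$patch_gz" |
         patch -d "$src_dir" -p"$strip" -f -s --dry-run >/dev/null 2>&1; then
        echo "patch does not apply cleanly; $src_dir left untouched" >&2
        return 4
    fi

    # 3. Real run, reached only when every hunk is known to apply.
    gzip -dc "$patch_gz" | patch -d "$src_dir" -p"$strip" -f -s
}

# Constructed sample input: a two-line source file, a changed copy, and the
# gzipped unified diff between them. "tree" stands in for the Snort sources.
make_demo() {
    d=$1
    mkdir -p "$d/orig/src" "$d/new/src" "$d/tree/src"
    printf 'int decode(void);\nint main(void) { return 0; }\n' > "$d/orig/src/demo.c"
    printf 'int decode(void);\nint main(void) { return decode(); }\n' > "$d/new/src/demo.c"
    cp "$d/orig/src/demo.c" "$d/tree/src/demo.c"
    (cd "$d" && diff -ruN orig new | gzip > demo.diff.gz)
}
```

A return code of 4 on a second run against the same tree means the patch is already applied or the tree does not match the version the patch was built against.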