Configuration vulnerability in SNORT for Windows Operating Systems

Title: Configuration vulnerability in SNORT for Windows Operating Systems
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Faramondi, Luca; Grassi, Marta; Guarino, Simone; Setola, Roberto; Alcaraz, Cristina
Conference Name: 2022 IEEE International Conference on Cyber Security and Resilience (CSR)
Keywords: composability, integrated circuits, IP networks, Metrics, Operating systems, Programmable logic devices, pubcrawl, Resiliency, security, telecommunication traffic, Valves, Windows Operating System Security
Abstract: Cyber-attacks against Industrial Control Systems (ICS) can lead to catastrophic events which can be prevented by the use of security measures such as the Intrusion Prevention Systems (IPS). In this work we experimentally demonstrate how to exploit the configuration vulnerabilities of SNORT, one of the most adopted IPSs, to significantly degrade the effectiveness of the IPS and consequently allow successful cyber-attacks. We illustrate how to design a batch script able to retrieve and modify the configuration files of SNORT in order to disable its ability to detect and block Denial of Service (DoS) and ARP poisoning-based Man-In-The-Middle (MITM) attacks against a Programmable Logic Controller (PLC) in an ICS network. Experimental tests performed on a water distribution testbed show that, despite the presence of the IPS, the DoS and ARP spoofed packets reach the destination, causing, respectively, the disconnection of the PLC from the ICS network and the modification of the packets' payload.
DOI: 10.1109/CSR54599.2022.9850309
Citation Key: faramondi_configuration_2022