Configuration vulnerability in SNORT for Windows operating systems

Title: Configuration vulnerability in SNORT for Windows operating systems
Publication Type: Conference Paper
Year of Publication: 2022
Authors: L. Faramondi, M. Grassi, S. Guarino, R. Setola, and C. Alcaraz
Conference Name: 2022 IEEE International Conference on Cyber Security and Resilience (IEEE CSR)
Date Published: 08/2022
Conference Location:
ISBN Number: 978-1-6654-9952-1

Cyber-attacks against Industrial Control Systems (ICS) can lead to catastrophic events, which can be prevented by the use of security measures such as Intrusion Prevention Systems (IPSs). In this work we experimentally demonstrate how to exploit the configuration vulnerabilities of SNORT, one of the most adopted IPSs, to significantly degrade the effectiveness of the IPS and consequently allow successful cyber-attacks. We illustrate how to design a batch script able to retrieve and modify the configuration files of SNORT in order to disable its ability to detect and block Denial of Service (DoS) and ARP poisoning-based Man-In-The-Middle (MITM) attacks against a Programmable Logic Controller (PLC) in an ICS network. Experimental tests performed on a water distribution testbed show that, despite the presence of the IPS, the DoS and ARP spoofed packets reach the destination, causing, respectively, the disconnection of the PLC from the ICS network and the modification of packet payloads.

Citation Key: 1990