Malos Ojos Security Blog

Research paper on Snort rule development for the major fault attack on Allen Bradley MicroLogix 1400 controllers

by on Sep.12, 2013, under General

As part of a course I took last quarter at DePaul University on critical infrastructure security, I drew the straw on one of our group labs, which required that we write a Snort signature for an attack on the Allen Bradley MicroLogix 1400 series controllers. The attack, written by Matt Luallen of Cybati in September of last year for Metasploit, sets a bit on a data file on the controller which indicates to the controller that there is a major logical fault. This attack stops the running program on the controller, and the fault must be manually cleared (either through physical interaction with the controller or by clearing the fault using the RSMicroLogix application).

The results of this research project will likely be published in the future in a more formal fashion, but until then I wanted to post a sneak peek at the report for those who may be interested. Note that I wrote this a few months ago and held off on publishing it as it was being copy edited for publication. As I assume that process has died, I am left with no choice but to publish this work…no sense in holding on to something that could be of value to someone else.

A link to the PDF is here.

2 comments for this entry:
  1. Troy Scavella

    Hello Deron,

    Was the course that you took a continuing education course?

  2. Deron Grzetich

    No, this was for CNS466 – Critical Infrastructure Security.
