Wednesday, April 06, 2011
The Satellite development team has recently been focusing their efforts on writing tests for EtherNet/IP and using the tests to successfully uncover vulnerabilities in various control devices. Ethernet / Industrial Protocol (EtherNet/IP) is an industrial application layer protocol operating over Ethernet that allows industrial devices to exchange time-critical application information.
EtherNet/IP encapsulates Control and Information Protocol (CIP) packets and transports them over TCP or UDP. It allows application information to be sent from a single sending device to multiple receiving devices. The Achilles tests examine the EtherNet/IP implementation as defined in ODVA's The CIP Networks Library Volume 2: EtherNet/IP Adaptation of CIP. The tests generate and send EtherNet/IP commands and CIP requests. For example:
- Connection handling tests examine how the EtherNet/IP implementation on the device handles TCP connections.
- Exhaustion tests examine device behavior when many EtherNet/IP sessions or many CIP connections are requested.
- Storms generate EtherNet/IP packets with valid commands and send them at a specific packet rate over TCP or UDP to the device under test, using a broadcast or unicast IP address. They examine the device's ability to maintain view and control while dealing with a large number of request messages.
- Header grammars generate EtherNet/IP packets with valid and invalid header values and command data. The packets are sent over TCP or UDP to examine device behavior when it processes EtherNet/IP packets.
- Service grammars send connected or unconnected CIP service requests with truncated and malformed request parameter data to CIP object classes and their instances to examine how the device handles malformed CIP service requests.
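The header grammars above exercise how a receiver handles the 24-byte EtherNet/IP encapsulation header. The following sketch shows the strict checks a device-side parser can apply before acting on a frame. It is an added example, not Achilles or vendor code. It assumes each frame is one complete, already delimited message; the mapping of failures to status codes and the `check_frame` and `make_frame` names are this example's own choices.

```python
import struct

# 24-byte encapsulation header, little-endian: command, length,
# session handle, status, 8-byte sender context, options.
HEADER = struct.Struct("<HHII8sI")

REGISTER_SESSION = 0x0065
KNOWN_COMMANDS = {0x0000, 0x0004, 0x0063, 0x0064, 0x0065, 0x0066, 0x006F, 0x0070}
NEEDS_SESSION = {0x0066, 0x006F, 0x0070}  # UnRegisterSession, SendRRData, SendUnitData

# Encapsulation status codes used in replies.
OK, BAD_COMMAND, BAD_DATA = 0x0000, 0x0001, 0x0003
BAD_SESSION, BAD_LENGTH, BAD_VERSION = 0x0064, 0x0065, 0x0069


def check_frame(frame: bytes, open_sessions: set) -> int:
    """Return the status a strict receiver would assign to one complete frame."""
    if len(frame) < HEADER.size:
        return BAD_LENGTH                      # truncated header
    command, length, session, status, _ctx, options = HEADER.unpack_from(frame)
    if command not in KNOWN_COMMANDS:
        return BAD_COMMAND
    if length != len(frame) - HEADER.size:
        return BAD_LENGTH                      # length field disagrees with payload
    if status != 0 or options != 0:
        return BAD_DATA                        # example policy: requests carry zeros here
    if command in NEEDS_SESSION and session not in open_sessions:
        return BAD_SESSION                     # handle was never issued by this device
    if command == REGISTER_SESSION:
        if length != 4:
            return BAD_LENGTH
        version, flags = struct.unpack_from("<HH", frame, HEADER.size)
        if version != 1:
            return BAD_VERSION
        if flags != 0:
            return BAD_DATA
    return OK


def make_frame(command, data=b"", session=0, length=None, options=0):
    """Build a constructed sample frame; `length` overrides the true payload size."""
    declared = len(data) if length is None else length
    return HEADER.pack(command, declared, session, 0, b"\x00" * 8, options) + data


if __name__ == "__main__":
    samples = {  # constructed inputs, not captured traffic
        "valid RegisterSession": make_frame(REGISTER_SESSION, struct.pack("<HH", 1, 0)),
        "length mismatch": make_frame(REGISTER_SESSION, b"", length=4),
        "unknown session": make_frame(0x006F, b"\x00" * 6, session=0x1234),
    }
    for name, frame in samples.items():
        print(f"{name}: status 0x{check_frame(frame, set()):04X}")
```

Every check runs before any command-specific handler sees the payload, so a handler never reads past the bytes the length field and the actual frame size both agree on.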
The EtherNet/IP tests will be available in Achilles Satellite 3.4, which will be released in Q2 of 2011. For more information, contact our sales team.