Version 2.9.2 of Snort, the open source network intrusion detection system (NIDS), is out with new preprocessors that add support for protocols used in industrial control systems.

The additional functionality should allow Snort to detect targeted attacks on networked SCADA systems.

The two protocols implemented to date, DNP3 and Modbus, are industry standards. The addition of SCADA protocols to Snort is in part due to the presence of significant vulnerabilities in such systems.

The development team is looking to implement further SCADA protocols and welcomes development and testing support. Exploit framework Metasploit added SCADA vulnerability detection in August 2011.

Further information about the release and how to write rules for these protocols is available in the release announcement. The documentation for 2.9.2 has also been updated. Snort source code and binaries are available to download from the web site. The source code for the Snort engine and community rules is under the GPLv2; proprietary rules are under Sourcefire’s own Non-Commercial Use License.
