-
Online Discoverability and Vulnerabilities of ICS/SCADA Devices in the Netherlands
Authors:
Joao M. Ceron,
Justyna J. Chromik,
Jair Santanna,
Aiko Pras
Abstract:
On a regular basis, we read in the news about cyber-attacks on critical infrastructures, such as power plants. Such infrastructures rely on the so-called Industrial Control Systems (ICS) / Supervisory Control And Data Acquisition (SCADA) networks. By hacking the devices in such systems and networks, attackers may take over the control of critical infrastructures, with potentially devastating consequences. This report focusses on critical infrastructures in the Netherlands and investigates three main questions: 1) How many ICS/SCADA devices located in the Netherlands can be easily found by potential attackers?, 2) How many of these devices are vulnerable to cyber-attacks?, and 3) What measures should be taken to prevent these devices from being hacked?
Submitted 3 November, 2020;
originally announced November 2020.
-
Characterising attacks targeting low-cost routers: a MikroTik case study (Extended)
Authors:
Joao M. Ceron,
Christian Scholten,
Aiko Pras,
Elmer Lastdrager,
Jair Santanna
Abstract:
Attacks targeting network infrastructure devices pose a threat to the security of the internet. An attack targeting such devices can affect an entire autonomous system. In recent years, malware such as VPNFilter, Navidade, and SonarDNS has been used to compromise low-cost routers and commit all sorts of cybercrimes from DDoS attacks to ransomware deployments. Routers of the type concerned are used both to provide last-mile access for home users and to manage interdomain routing (BGP). MikroTik is a particular brand of low-cost router. In our previous research, we found more than 4 million MikroTik routers available on the internet. We have shown that these devices are also popular in Internet Exchange infrastructures. Despite their popularity, these devices are known to have numerous vulnerabilities. In this paper, we extend our previous analysis by presenting a long-term investigation of MikroTik-targeted attacks. By using a highly interactive honeypot that we developed, we collected more than 44 million packets over 120 days, from sensors deployed in Australia, Brazil, China, India, the Netherlands, and the United States. The incoming traffic was classified on the basis of Common Vulnerabilities and Exposures to detect attacks targeting MikroTik devices. That enabled us to identify a wide range of activities on the system, such as cryptocurrency mining, DNS server redirection, and more than 3,000 successfully established tunnels used for eavesdropping. Although this research focuses on MikroTik devices, both the methodology and the publicly available scripts can be easily applied to any other type of network device.
Submitted 3 November, 2020;
originally announced November 2020.
-
Tangled: A Cooperative Anycast Testbed
Authors:
Leandro M. Bertholdo,
Joao M. Ceron,
Wouter B. de Vries,
Ricardo de O. Schmitt,
Lisandro Zambenedetti Granville,
Roland van Rijswijk-Deij,
Aiko Pras
Abstract:
Anycast routing is an area of study that has been attracting the interest of several researchers in recent years. Most anycast studies conducted in the past relied on coarse measurement data, mainly due to the lack of infrastructure where it is possible to test and collect data at the same time. In this paper we present Tangled, an anycast test environment where researchers can run experiments and better understand the impacts of their proposals on a global infrastructure connected to the Internet.
Submitted 28 August, 2020;
originally announced August 2020.
-
The Dagstuhl Beginners Guide to Reproducibility for Experimental Networking Research
Authors:
Vaibhav Bajpai,
Anna Brunstrom,
Anja Feldmann,
Wolfgang Kellerer,
Aiko Pras,
Henning Schulzrinne,
Georgios Smaragdakis,
Matthias Wählisch,
Klaus Wehrle
Abstract:
Reproducibility is one of the key characteristics of good science, but hard to achieve for experimental disciplines like Internet measurements and networked systems. This guide provides advice to researchers, particularly those new to the field, on designing experiments so that their work is more likely to be reproducible and to serve as a foundation for follow-on work by others.
Submitted 12 January, 2019;
originally announced February 2019.