Tool f/test/verification of EtherNet/IP networks vulnerability against DoS attacks

AlfredoQuintero

Hello:
Does anybody have experience with tools to simulate DoS attacks, especially attacks which can exploit typical vulnerabilities of EtherNet/IP devices?
Will be grateful for recommendations, whether it is free software or paid software.
Many years ago the National Institute of Standards and Technology (NIST) started a project with ODVA which seems to have stalled, as the last delivery of this tool, which is free of charge, was provided in 2009, but I find this software crashes in Windows 10. Cannot find a newer version. (By the way, if someone has experience with this tool and can give me a hint such as "run it in Windows XP", I am willing to do this setup just to get it working).
Thanks for reading.
 
Ethernet/IP is an unencrypted protocol and without intrinsic security.

Therefore it should not be open to connections from the WAN and it is usually not exposed to DoS attacks ... except if the attacker is on the same plant/LAN :eek:
 
Even if it is unencrypted, there should be some robust mechanism to ensure that the Ethernet/IP data has priority over other data.
It may not be a hacker, but for example a faulty device that spams the network with packets.
 
Exactly. For example, for Profinet devices there is a test called Netload test. It consists of a Linux packet generator that sends bursts of ARP, DCP, IGMP and whatnot, to see if the device crashes. Another test is done while talking to the PLC, and the PLC has a program that logs communication errors; if the device stops communicating during the "normal communication" test, the device fails the test. The "Faulty communication" sends so much data that if you try to capture with Wireshark the PC stops responding to commands, so one has to use TSHARK to capture data. It is insane, like 10 packets per millisec. So yes, EtherNet/IP networks should not be accessible from outside the industrial control network environment, but nonetheless, security is a concern, as you can read from the link below.
https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-046-01A
 
Why not use the Profinet tool with Ethernet/IP? Should be the same.
Hello. Yes, this is my plan B. I am used to the Profinet test and I can set it up in a short time. This test sends bursts of ARP, IGMP and other traffic that can push the EtherNet/IP adapter to its limits. If there is something very wrong it should surface; although it may not be the most accurate test, it is better than nothing. If I do not find anything more suitable, I will use this test. Thanks for the suggestion.
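
The pass/fail side of the load test described in this thread, as an added example that is not part of the original posts or of any tool named in them: instead of the PLC program that logs communication errors, a PC polls the device under test with EtherNet/IP ListIdentity requests while the load generator runs, then reports every span in which the device stopped answering. It assumes the device answers unicast ListIdentity over UDP port 44818; the function names, poll interval and gap threshold are hypothetical.

```python
import socket
import struct
import time

ENIP_PORT = 44818        # registered EtherNet/IP port
LIST_IDENTITY = 0x0063   # encapsulation command code
# Encapsulation header: command, length, session, status, sender context, options
HEADER = struct.Struct("<HHII8sI")

def list_identity_request(context=b"netload\x00"):
    return HEADER.pack(LIST_IDENTITY, 0, 0, 0, context, 0)  # header only, no data

def is_identity_reply(data):
    """True if data is a well-formed, successful ListIdentity reply."""
    if len(data) < HEADER.size:
        return False
    command, length, _session, status, _context, _options = HEADER.unpack_from(data)
    return command == LIST_IDENTITY and status == 0 and length == len(data) - HEADER.size

def probe(host, timeout=0.2):
    """Send one unicast ListIdentity over UDP; True if the device answers in time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(list_identity_request(), (host, ENIP_PORT))
            data, _addr = sock.recvfrom(1500)
        except OSError:  # timeout, or ICMP unreachable reported by the stack
            return False
    return is_identity_reply(data)

def find_dropouts(samples, max_gap):
    """samples: [(timestamp_s, answered)]. Return (start, end) spans without an answer longer than max_gap."""
    if not samples:
        return []
    dropouts, last_ok = [], samples[0][0]
    for ts, answered in samples:
        if answered:
            if ts - last_ok > max_gap:
                dropouts.append((last_ok, ts))
            last_ok = ts
    end = samples[-1][0]
    if end - last_ok > max_gap:
        dropouts.append((last_ok, end))  # device never recovered before the test ended
    return dropouts

def monitor(host, duration, interval=0.1):
    samples, stop = [], time.monotonic() + duration
    while time.monotonic() < stop:
        samples.append((time.monotonic(), probe(host)))
        time.sleep(interval)
    return samples
```

On a test bench, `find_dropouts(monitor("192.0.2.10", 60.0), max_gap=1.0)` (a documentation address standing in for the device) returns an empty list when the device kept answering throughout the load run.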
 