Guest Blog: Ripple20 Zeek Package Open Sourced

Guest Blog: Ripple20 Zeek Package Open Sourced

Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of devices and you are in the right ballpark.





The set of vulnerabilities is collectively known as “Ripple20” , and yes – like all big exploits it has its own website https://www.jsof-tech.com/ripple20/  (a fascinating read) and of course a logo. Refer also to the Treck response https://treck.com/vulnerability-reply-information/.


We at Corelight Research have been following developments closely, as there a number of key ingredients that add up to a dangerous situation here.


The vast number of vulnerable systems. As I developed this package I even found a printer that was vulnerable, and which was not on the list of known vulnerable devices.
The wide range of vendors that are affected. There are some very big names, you can read the list of affected vendors on the Ripple20 site.
The types of systems that are potentially vulnerable – anything from UPS, printers, lights, tractors, medical devices, cars, air conditioning systems, refrigerators… Who really knows?
The difficulty in patching. In most cases, IoT/ICS devices simply aren’t built for “automatic install” of security patches like modern end user systems are. You also need to know whether you ev ..

Support the originator by clicking the read the rest link below.