For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

EricWH_313090's avatar
EricWH_313090
Icon for Nimbostratus rankNimbostratus
Feb 01, 2018

Can F5 solve SCADA issues?

What protection for SCADA systems (MODBUS TCP) can the F5 provide. As these protocols appear very simple and easy to hack with even possible consequences in the physical world, it seems the ideal pla...
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Feb 03, 2018

F5 ASM is Web Application Firewall protecting as the name implies Web applications using HTTP protocol. MODBUS/TCP is a serial protocol and is not HTTP. It is however possible to provide a level of protection using F5 LTM as a reverse proxy and iRules, Marc Chisinevski from F5 last year demonstrated some use cases that he implemented using iRules:

Protocol validation; Modbus TCP packets that are of wrong size or length
Potential DoS attacks - Traffic from a server to many slaves
Traffic on TCP port 502 that is not Modbus
Function and configuration scans
Function codes putting slave devices into listen-only mode
Function codes that modify diagnostic information
Function codes that cause the unit to shutdown, requiring someone physically at the site to restart the device
Exception PDUs

Ref: https://www.linkedin.com/pulse/security-use-cases-modbustcp-marc-chisinevski-cissp/