
SCADA Honeynet Online at PCSF

In his S4 comments, Ty Bodell suggested we have the SCADA Honeynet live at S4 2008 so attendees can see it, hack it or otherwise interact with it. We thought, why wait until next January? So the SCADA Honeynet will be available via a wireless access point at the PCSF annual event in Atlanta next week.

Just turn on your wireless card and connect to SSID: dbelectric_7. You will see what an attacker would see if they stumbled across a SCADA Honeynet. Check out the HTTP, FTP, SNMP, and Telnet management interfaces. Bring a Modbus/TCP client and read and write points. Try attacking it; of course, the SCADA Honeynet will be recording all your activity.

I also will have a few copies of the S4 Proceedings Book with me if you want to take a look at it or purchase one.

Later this week I’ll let you know what we are doing with Wurldtech on the Achilles Controller Certification at PCSF.
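
As an added example (not part of the original post and not the honeynet's own code), the Python below shows the kind of record a honeynet sensor could derive from captured Modbus/TCP requests, separating point reads from point writes. The function names and the sample frames are constructed for illustration.

```python
import struct

# Modbus function codes that read or write points: (name, changes_state).
FUNCTIONS = {
    1: ("Read Coils", False), 2: ("Read Discrete Inputs", False),
    3: ("Read Holding Registers", False), 4: ("Read Input Registers", False),
    5: ("Write Single Coil", True), 6: ("Write Single Register", True),
    15: ("Write Multiple Coils", True), 16: ("Write Multiple Registers", True),
}

def decode_request(frame: bytes) -> dict:
    """Turn one captured Modbus/TCP request into a log record."""
    if len(frame) < 8:
        return {"valid": False, "reason": "shorter than MBAP header plus function code"}
    # MBAP header: transaction id, protocol id, length, unit id (big-endian).
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return {"valid": False, "reason": "protocol id is not 0, not Modbus"}
    if length != len(frame) - 6:
        return {"valid": False, "reason": "MBAP length disagrees with frame size"}
    func = frame[7]
    name, is_write = FUNCTIONS.get(func, ("other function", False))
    rec = {"valid": True, "transaction": tid, "unit": unit,
           "function": func, "name": name, "write": is_write}
    if func in FUNCTIONS:
        if len(frame) < 12:
            return {"valid": False, "reason": "request body truncated"}
        addr, arg = struct.unpack(">HH", frame[8:12])
        rec["address"] = addr
        # Single writes carry the new value; all other requests carry a point count.
        rec["value" if func in (5, 6) else "quantity"] = arg
    return rec

def write_attempts(frames):
    """Return the decoded records that tried to change a point."""
    records = [decode_request(f) for f in frames]
    return [r for r in records if r["valid"] and r["write"]]

# Constructed sample payloads, as a sensor might capture them on TCP port 502.
SAMPLES = [
    bytes.fromhex("00010000000601030000000a"),  # read 10 holding registers from 0
    bytes.fromhex("000200000006010600051234"),  # write 0x1234 to register 5
    bytes.fromhex("00030000000601050000ff00"),  # force coil 0 on
    b"GET / HTTP/1.0\r\n\r\n",                  # non-Modbus probe on the same port
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode_request(sample))
```
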

Comments

Comment from Dwight
Time: February 26, 2007, 4:41 pm

Great idea. Thanks for providing this. Will you be showing the log records? That would be very interesting to see.

I assume DOS does not count. :)

Dwight

Comment from Karl
Time: March 6, 2007, 7:13 pm

This is pretty entertaining to play with. Is this based on honeynetd? I only got time to nmap it; we’ll see what we can do tomorrow.

Do you have a lot of these running on the Internet? Do you actually see people trying useful attacks on the Modbus ports?

Comment from Landon Lewis
Time: March 7, 2007, 1:05 pm

Karl, there’s a honeywall bridge inline and a honeyd process handling the O/S fingerprint obfuscation. Some services are scripts, most are proxied to itself.

I’m working on a PHP script that live queries one of our Internet honeywalls; the results will be complete soon. This and some other honeynet projects are listed on our SCADA Honeynet Stats & Reports page.

To date there have been no direct attacks against our Modbus services. The honeynet project has a few different chapters who are deploying the images; hopefully we get back some results. Feel free to subscribe and download them.
