Another SCADA Honeynet Update
This honeywall update includes our four latest IDS signatures which aid in detecting points list and function code scans on DNP3 and Modbus TCP. These signatures play an important role in identifying a reconnaissance scan on PLC’s, RTU’s, and IED’s in a control system environment. In regards to the honeywall, roo-1.2 has been released for a month or so, but testing (and the bug fix db) revealed some odd problems so we’ll wait until 1.3 or later for a full upgrade.
Don’t forget, Dale will be speaking about the results from our SCADA Honeynet deployments at Joe Weiss’ event in Knoxville on August 14th.
Author: Landon Lewis
Posted: July 27th, 2007 under SCADA Honeynet, SCADA IDS.
Comments: 2
Comments
Comment from Steven Sim
Time: July 15, 2008, 1:54 am
Cool stuff!
However, getting 404 when trying to access “latest IDS signatures” at http://www.digitalbond.com/index.php/resources/scada-network-ids-project/ above.
Comment from Dale Peterson
Time: July 15, 2008, 6:47 am
We did some site reorganizing since then. Sorry we missed a link. It is corrected on this post and is http://www.digitalbond.com/index.php/research/ids-signatures/.
Write a comment