About site: Security/Honeypots and Honeynets - SCADA HoneyNet Project
Return to Computers also Computers
  About site: http://scadahoneynet.sourceforge.net/

Title: Security/Honeypots and Honeynets - SCADA HoneyNet Project SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures).
Were-Over-There_Forums Multi-media haven for disgruntled online community exiles.

A_N_D__Technologies_Inc__Pcounter_software Printer Accounting Software for Netware servers.

RFC_2737 Entity MIB (Version 2). K. McCloghrie, A. Bierman. December 1999.

PHP_Processor Tool that optimizes PHP, HTML and JavaScript code by removing unnecessary data; the optimization process also obfuscates the code. Viewable project information, interface and screen shots also availa

The_CD_Duplicator Specialize in short runs of Audio and Data CD-Rs.

Flooble_Scripts A number of highly original scripts designed to make any page be more alive and interactive. These are free and work in all browsers. New scripts monthly.

  Alexa statistic for http://scadahoneynet.sourceforge.net/





Get your Google PageRank






Please visit: http://scadahoneynet.sourceforge.net/
  Related sites for http://scadahoneynet.sourceforge.net/
    Big_Brother_Inside Criticisms of Intel's Processor Serial Number (PSN) feature on its Pentium III chips. Argues that the PSN endangers internet users' privacy.
    DynamSoft__SourceHero SourceHero is SQL-based version control tool designed to be a better replacement for Visual SourceSafe.
    Delphi_Developers Please note that the information and components on this page are only of use to developers using Inprise (Borland) Delphi development tools.
    Lifeng\'s_Home_Page Descriptions and schematics for several MicroMouse robots and a Li-Ion battery charger.
    Engelbrecht,_Andries_P_ Computational Intelligence Research Group, University of Pretoria. Research is done in theoretical aspects of PSO and developing new improved PSO models.
    Erez_Business_Softwares_Ltd_ Producer of Erez Print Preview ActiveX controls for VB6. The controls were designed to give developers an easy tool to make print and preview of software.
    indigoIT Systems integrator focused on providing solutions to infrastructure problems.
    NETLAB__Neural_Network_Software A toolbox designed to provide the central tools necessary for the simulation of theoretically well founded neural network algorithms and related models for use in teaching, research and applications
    SampleTalk_Language_and_programming_technology Build a program immediately from data processing examples: AI language, simpler than Prolog, based on generalization and matching of unconstrained text processing samples.
    Charles_Mace_software WatchWorks, a desktop alarm, and password generator.
    Tek-Tips_Forum__Microsoft__Visual_FoxPro_v1-2_6 Technical support forums and mutual help system for computer professionals. Forbids selling, recruiting.
    TinyELF A freeware emulator of CDP1802 based microcomputers for Mac OS X.
    Grade_Point_Grading_Program [Win and Palm] Paper Trail Software's program is designed to help you stay organized and get your grading and reporting done faster. Trial version available.
    The_Adventures_of_Wendy_Willcox_and_her_dog_Willis It shouldn't take too long to get a Nigerian 419 advance fee scam e-mail. Then the goal is to get the spammer to go to the airport, and hotel, as many times as possible.
    Yahoo!_Personals A dating site. Includes program overview, commission rates and promotional materials.
    Borland_C++Builder Official home page.
    DSL_Productions Offers site design.
    Media_WYSE Offers web development, search engine positioning, marketing, and business writing.
    JespersDesigns_com Web site consulting and development, including planning, design, implementation and maintenance.
    LaVallee,_Andrew Contains resume and portfolio. Based in New York, United States.
This is websites2007.org cache of m/ as retrieved on 2008.10.08 websites2007.org's cache is the snapshot that we took of the page as we crawled the web. The page may have changed since that time.
SCADA HoneyNet Project: Building Honeypots for Industrial Networks

SCADA HoneyNet Project: Building Honeypots for Industrial Networks

Venkat Pothamsetty and Matthew FranzCriticalInfrastructure Assurance Group(CIAG)Cisco Systems, Inc.LinksDownloadMailing ListPLC Simulation Case StudyHoneyd - a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systemsNews & Updates7/15/05/(released version 0.3) - Converted teh stand-alone scripts to work with honeyd, changes to html scripts. See Release Notes for more details. 6/01/04/(released version 0.2) - Fixed the bug regarding the absense of modbusHdrs.py, included sample nmap OS fingerprints of some PLCs, included a test file to generate custom Modbus packets to test the modbusSrve.py implementation5/13/04 - Major cleanup of content3/20/04 - PLC Simulation scripts available for down and PLC Simulation Case Study complete.ObjectivesThe short-term goal of the project is to determine the feasibility of buildinga software-based framework to simulate a variety of industrial networks such asSCADA, DCS, and PLC architectures. We plan to document the requirements andrelease proof of concept code (in the form of honeyd scripts) so that a single Linux hostcan simulate multiple industrial devices and complex network topologies. Giventhe variety of deployments and the lack of standard, well-defined architecturesfor industrial networks, this project attempts to create the building blocks sothat users can simulate their networks own networks--not make assumptions aboutwhat "real world" SCADA/DCS/PLC look like. Assuming deployment of "SCADAHoneyNets" ever reach critical mass, the longer term objective of the projectis to gather information about general attack patterns and specific exploitsthat could be used to write signature for commercial and Open Source IDSproducts.IntroductionThere is still little information about SCADA vulnerabilities and attacks,despite the growing awareness of security issues in industrial networks. As isthe case with IT security, owner-operators are often unwilling to releaseattack or incident data. However, unlike IT products and protocols, there arenot the sort of public repositories of vendor advisories andvulnerabilities in industrial devices. Although some vulnerability research isbeing conducted in this area, very little has been released publically and no"SCADA security tools" (whatever that might mean) have been released to thepublic.To address these limitations, this goal of this project is to provide tools andto simulate a variety of industrial networks and devices. We see several uses for this project:Build a HoneyNet for attackers, to gather data on attacker trends andtoolsProvide a scriptable industrial protocol simulators to test a real liveprotocol implementation Research countermeasures, such as device hardening, stack obfuscation,reducing application information, and the effectiveness network access controls Feature RequirementsBased on our knowledge of industrial network applications, products, andprotocols, we identified the following requirements:Individual Device SimulationTo simulate individual devices, the following functionality is needed:Stack level: To simulate the TCP/IP stack of a Ethernet-based devicedevice to a script kiddie type attacker who is scanning the network with OSdetection tools such as Nmap and Xprobe.Protocol level: To simulate industrial protocols for skilledattackers who have the tools which interrogate protocols and want to dosomething meaningful using the protocol features Application level: To simulate various applications on a SCADAdevice such as web servers and management applications such as SNMP and Telnet.Hardware level:Many of the SCADA devices use serial interfaces suchas modems and RS232 interfaces for both SCADA protocol communication and formanagement purposes. An attacker who either "logs into" a SCADA device or hasaccess to the serial network, needs to be presented with a serial device and/ora protocol communication over a serial device. Simulate NetworkWe need to simulate various entry points so that when an attacker encounters aperimeter device, he will be presented the same network as a real SCADA networkat that particular network entry pointVarious network entry points that we need to simulate include:A router directly connected to the Internet: Control system networks are typically not directly conne a control network is located inside a corporate network. Assuming the corporate network as Internet, we need to simulate the entry point of a router that seperates the control network and the corporate network. The devices that are normally connected to such routers would be Industrial Ethernet switches or industrial devices with an IP stack, such as some IP enabled PLCs and wireless access points.Direct serial device:Some of the industrial devices have a modem that can be directly dialed into from a PSTN. We need to simulate a "modem server" that can take connections and behaves like a industrial device or is connected to a industrial device.A Ethernet enabled industrial device directly connected to the Internet: Such a scenario should be the same as simulating the stack, the protocols and applications on that device and connecting that to InternetAn Ethernet serial gateway directly plugged into the Internet:An Ethernet serial gateway is a bridge between the IP network and the serial interface. The IP side of the device would be connected to the network, either a Industrial switch or a router to which other IP industrial devices are connected to. The serial side of the device would be connected to a serial device or a serial network.Wireless: Wireless is one of the entry points into a Industrial network. Most of the Industrial wireless devices use proprietary wireless protocols and some of them use 802.1b standard. Typically the serial interface of the device would be connected to a wireless bridge. Remote desktop access and HMIs:The Human Machine Interfaces and the software that communicates with Industrial devices usually runon a Windows machine. Administrators who want remote access to these devices would typically run a remote desktop viewer, such as VNC or PC anywhere. An attacker would normally find it through a port scan 'after he gets into the control network and might get to it using a VNC client. Simulating this would probably need a custom made VNC protocol simulation.Remote Access Server (RAS):Another possible entry point into acontrol network is to dial into the network using PPP and use the PPP passwordto authenticate yourself to a Network Access Server and then directly accessthe Industrial device. Capture the attacker tools and tracksOur scripts need to capture the attacker tools and tracks. That should include keystroke logging and facilities to capture the tools and binaries he might be up loading, if the attack. Our scripts also need to capture network traffic.Review of existing technologies and relavencyHoneydHoneyd has facilities for easy simulation of TCP/IP stacksand applications.Honeynet takes Nmap and Xprobe signatures through configuration files and sends packet responses to scans matching those signatures. Users can set up profiles, mapping IP addresses that Honeyd should respond to a corresponding device profile. When attackers Nmap or Xprobe scan the IP address which Honeyd is taking care of, he will be returned with packets matching the corresponding device profile.Therefore using Honeyd, it would be possible to simultaneously simulate stacks of multiple IP based Industrial devices, provided the corresponding scanning tools (Nmap or Xprobe) has the knowledge of the signature. As of now, there are no signatures of Industrial devices in Nmap's database.Honeyd allows the user to listen on a port and run a script on that particular port when anybody connects to that port. As of now, there are many scripts contributed to the project, which can simulate web pages, WSFTP servers and Cisco telnet servers.Using this feature on Honeyd, it is possible to write scripts that simulatedvarious Industrial Ethernet protocols. For example, it would be possible tosimulate a Modbus/TCP server on port 502 and EtherNet/IP on ports 44818/2222.Serial interface simulationMany industrial network devices use RS-232/485 for communication. Typicallythe serial port of a PC would be directly (or indirectly, via a serial Ethernetgateway) connected to the serial port of the device. There would be a softwarerunning on the PC, which sends commands to the device over the serialinterface. By some accounts there are hundreds of serial protocols in use inSCADA networks. Some of the more common protocols are MODBUS and DNP.We need to simulate those protocols over the serial port, so as to present aprotocol interface to an attacker who connects to the serial port. Manylanguages support serial interface programming including Python and Java. Wewere able to achieve serial communication through a open source Python serialprogramming module (pyserial.sf.net).Simulating 802.11The HostAP driver(http://hostap.epitest.fi/), replies for 802.1b management packets and converts a client adapter an access point.The driver can be used to simulate an access point which is insidea automation or a SCADA networkCapturing attack tools and capturing the attackers' trackThough not part of Honeyd, there are lots of keystroke loggers available. Weneed a mechanism to track the attacker on the web interface of the device. Wedo not know of any tools which can provide that functionality, however weexplored some possibilities where the the Java applet (running on the"attackers" web browser) is able to commChallengesDeployment and TestingAn ideal deployment site for such a script would be a subnet close to a real Industrial/SCADA network or a phone number which belongs to a SCADA/Automation plant. We are not aware of any active and on-going SCADA specific attacks, it would be difficult to get a SCADA aware attacker into the honeypot.Send comments to scadahoneynet-talk@lists.sourceforge.net or ciag-tools@cisco.comSourceForge Logo _uacct = "UA-74693-3";urchinTracker();
 

SCADA

HoneyNet

Project:

Building

Honeypots

for

Industrial

Networks

(SCADA,

DCS,

and

PLC

architectures).

http://scadahoneynet.sourceforge.net/

SCADA HoneyNet Project 2008 October

dvd rental

dvd


SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures).

Rules

© 2008 Internet Explorer 5+ or Netscape 6+
Recommended Sites: 1. Arts - Business - Computers - Games - Health - Home - Kids and Teens - News - Recreation - Reference - Regional - Science - Shopping - Society - Sports - World Miss Gallery - Top Anime Hentai - DVD rental by mail - Remortgages - Northern Rock - Credit Reports - Credit Report - Credit Cards
2008-10-08 04:18:30

Copyright 2005, 2006 by Webmaster
Websites is cool :) 249Hotel Istanbul - Hotell Frankfurt - Klimatyzatory - Rusztowania - Metallzaune