< Advanced Honeypot-Based Intrusion Detection | German Stock Spam >

SCADA Honeypots

SCADA (Supervisory Control and Data Acquisition) systems are embedded, realtime, industrial process control systems that are mainly used to centrally supervise distributed nodes (e.g., motors or pipelines). For more information, please see the wikipedia entry on SCADA systems.

Some of these systems are also connected to the public Internet and thus can be targeted by an attacker. A common protocol for accessing SCADA nodes is Modbus/TCP on port 502. Other protocols can also be used and a nice overview is available in the ThreatMind Security Wiki.

Honeypots can also be used to learn more about this kind of threat. The folks from Digital Bond have designed such a honeypot system and publish more information about it in their blog. Yesterday I received an image of their honeypots and once I am back in Germany I will start to deploy it. Looking forward to the results. although it is a bit questionable whether we will see many specific attacks...
This entry was posted by Thorsten Holz on Wednesday, January 31. 2007 at 01:23. and is filed under honeynets. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.