Running a fake power plant on the internet for a month

About the simulator

How it works

(old) test setup with two Siemens S7 1200 PLCs
Setting up communications to the PLC
Retrieving SLZ information using Nmap
102/tcp open iso-tsap
| s7-info:
| Module: 6ES7 518-4AP00-0AB0
| Basic Hardware: 6ES7 518-4AP00-0AB0
| Version: 2.6.0
| System Name: INTERN_VALVE_REG_O1
| Serial Number: S C-N5820302
| Plant Identification: NUCL_POWER_GEN_05
|_ Copyright: Original Siemens Equipment
Service Info: Device: specialized
Nmap done: 1 IP address (1 host up) scanned in 0.57 seconds
“category”: “s7comm”,
“date”: “2020–12–08T21:23:32.541508039+01:00”,
“destination-ip”: “x.x.x.x”,
“destination-port”: 102,
“payload-hex”: “0300002102f080320700000000000800080001120411440100ff09000400110001,
“payload-length”: 33,
“request.ID”: “17”,
“request.type”: “module ID request”,
“sensor”: “services”,
“source-ip”: “x.x.x.x”,
“source-port”: 53662,
“token”: “bssglu3k2l04oeabnus0”,
“type”: “ics”

Getting indexed by internet scanners

About the data…

Top 10 hosts connecting to the honeypot
Total amount of requests received by category


Questions & Answers

ISO — OSI classification



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store