Running a fake power plant on the internet for a month

About the simulator

How it works

(old) test setup with two Siemens S7 1200 PLCs
Setting up communications to the PLC
Retrieving SLZ information using Nmap
PORT    STATE SERVICE
102/tcp open iso-tsap
| s7-info:
| Module: 6ES7 518-4AP00-0AB0
| Basic Hardware: 6ES7 518-4AP00-0AB0
| Version: 2.6.0
| System Name: INTERN_VALVE_REG_O1
| Serial Number: S C-N5820302
| Plant Identification: NUCL_POWER_GEN_05
|_ Copyright: Original Siemens Equipment
Service Info: Device: specialized
Nmap done: 1 IP address (1 host up) scanned in 0.57 seconds

Probe example

{
“category”: “s7comm”,
“date”: “2020–12–08T21:23:32.541508039+01:00”,
“destination-ip”: “x.x.x.x”,
“destination-port”: 102,
“payload-hex”: “0300002102f080320700000000000800080001120411440100ff09000400110001,
“payload-length”: 33,
“request.ID”: “17”,
“request.type”: “module ID request”,
“sensor”: “services”,
“source-ip”: “x.x.x.x”,
“source-port”: 53662,
“token”: “bssglu3k2l04oeabnus0”,
“type”: “ics”
}

Getting indexed by internet scanners

About the data…

Top 10 hosts connecting to the honeypot
Total amount of requests received by category

Conclusion

Questions & Answers

ISO — OSI classification

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Announcing MetaMask Version 8

Fanfury Announcement: Gameplay Postponed

BlackHoleDAO Progress Weekly Report

Farsite; encrypting space!

Tackling the IP Address Crisis: Alibaba’s Youku Leads IPv6 Adoption

INO Whitelist: Result is Here

FATF Travel Rule; DOJ Cryptocurrency Enforcement; Rep. Gottheimer’s Stablecoin Bill

Special event for XDC integration at D’CENT Wallet

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Stefan Grimminck

Stefan Grimminck

More from Medium

WHY 2-FACTOR AUTHENTICATION IS CRUCIAL

Top 10 Technology Skills To Learn in 2022

The Dark Side of Pen-test reporting

Rollback, Revert, roll-forward, oh my!