mushorg / conpot

ICS/SCADA honeypot
GNU General Public License v2.0

Test Profinet scan tools #184

Open glaslos opened 9 years ago

glaslos commented 9 years ago

There are a couple of tools we should try against Conpot: https://github.com/HSASec/ProFuzz and https://github.com/atimorin/PoC2013/tree/master/profinet

xandfury commented 7 years ago

Did the scan for ProFuzz.

Scan results:

~/Desktop/conpot/ProFuzz/logs$ head 2017-02-08_23\:18\(01\:0e\:cf\:00\:00\:00\)_answered.txt 
=== Answered Packets ===
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>

and

~/Desktop/conpot/ProFuzz/logs$ head 2017-02-08_23\:18\(01\:0e\:cf\:00\:00\:00\)_unanswered.txt 
=== Unanswered Packets ===
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>

While at that I observed nothing in conpot.

shrave commented 7 years ago

Hi, I tried fuzzy testing from both the scanners and although I received the packets sent from the fuzzer, all of them were unanswered. I have attached the images of the logs of ProFuzz and profinet respectively:

[Attached images: profuzz, profinet]

There was no behaviour noticed from conpot's side (none recorded in the logs). Is this correct? Or is some response expected from conpot's side?

Thanks.

creolis commented 7 years ago

Hey guys, sorry for the confusion.

Conpot does not (yet) react to process field network (profinet) requests because it currently has no handler to do so. To be more clear about this: A profinet service is not yet available in conpot and therefore neither do we see any incoming packets for this particular traffic, nor do we answer them in any way.

This ticket is more or less a reminder that there are test tools for profinet available so that we don't forget about them once we're supporting it in our codebase.