mushorg / conpot

ICS/SCADA honeypot
GNU General Public License v2.0

Investigate Conpot as a Modbus TCP-RTU bridge #353

Open xandfury opened 6 years ago

xandfury commented 6 years ago

Current implementation of Modbus uses a predefined template consisting of coils/registers-related values. It might be a good idea to be able to add actual Modbus RTU slaves to Conpot.

For each request from a Modbus client, Conpot would query the actual RTU slave device (that is connected via serial) and fetch the appropriate response.

What needs to be done: This would involve Conpot to act as RTU master as well as the TCP server. Conversion of TCP to RTU involves dropping the MBAP header and adding CRC. (opposite for RTU to TCP)

How can it be done: modbus_tk supports both Modbus RTU and Modbus TCP. With the additional dependency of pyserial, this seems achievable. For integration into the existing protocol stack, I am not sure about the logical way to approach this. But I think instead of _configure_slaves(template) and _get_mode_and_delay(template) appropriate code needs to be added to interface with the existing Modbus TCP server.
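The frame conversion described above (drop the MBAP header and add the CRC, and the reverse on the way back), as an added example that is not code from the issue, from Conpot or from modbus_tk. The sample request bytes are constructed; the function names and the validation checks are this example's own.

```python
"""Modbus TCP <-> RTU frame conversion (MBAP strip/add and CRC-16)."""
import struct

MBAP_LEN = 7  # transaction id (2), protocol id (2), length (2), unit id (1)

# Constructed sample: Read Holding Registers (FC 03), unit 1, start 0, quantity 2.
SAMPLE_TCP_REQUEST = bytes.fromhex("000100000006010300000002")


def crc16_modbus(data: bytes) -> int:
    """Modbus RTU CRC-16: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def tcp_to_rtu(frame: bytes) -> tuple[int, bytes]:
    """Strip the MBAP header and append the CRC; return (transaction id, RTU frame).

    Malformed frames are rejected here so that a bad frame from a TCP client
    is never forwarded onto the serial bus.
    """
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError("MBAP protocol id must be 0 for Modbus")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    adu = bytes([unit]) + frame[MBAP_LEN:]  # unit id + PDU
    return tid, adu + struct.pack("<H", crc16_modbus(adu))  # CRC is little-endian


def rtu_to_tcp(frame: bytes, tid: int) -> bytes:
    """Verify and drop the CRC, then prepend an MBAP header carrying `tid`."""
    if len(frame) < 4:  # unit id + function code + CRC
        raise ValueError("RTU frame too short")
    adu, (crc,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if crc16_modbus(adu) != crc:
        raise ValueError("CRC mismatch on RTU frame")
    return struct.pack(">HHH", tid, 0, len(adu)) + adu


if __name__ == "__main__":
    tid, rtu = tcp_to_rtu(SAMPLE_TCP_REQUEST)
    print("RTU request:", rtu.hex(" "))  # 01 03 00 00 00 02 c4 0b
    print("round trip ok:", rtu_to_tcp(rtu, tid) == SAMPLE_TCP_REQUEST)
```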

xandfury commented 6 years ago

Something like this in the template:

    <slaves>
        <slave id="0">
               ~~~ From template ~~~
        </slave>
        <slave id="2">
               ~~~ Actual Modbus RTU slave connected over serial ~~~~
        </slave>
        <slave id="3">
               ~~~ From template ~~~
        </slave>
        .
        .
        .
    </slaves>

glaslos commented 6 years ago

First goal should be talking to a Modbus slave using Modbus over TCP.