Biblio

In recent years, many devices in industrial control systems (ICS) equip Ethernet modules for more efficient communication and more fiexible deployment. Many communication protocols of those devices are based on internet protocol, which brings the above benefits but also makes it easier to access by anyone including attackers. In the case of using the factory default configurations, we wiiˆ demonstrate how to easily modify the programmable logic controllers (PLCs) program through the Integrated Development Environment provided by the manufacturer under the security protection of PLC not set properly and discuss the severity of it.

Honeypots are a common tool to set intrusion alarms and to study attacks against computer systems. In order to be convincing, honeypots attempt to resemble actual systems that are in active use. Recently, researchers have begun to develop honeypots for programmable logic controllers (PLCs). The tools of which we are aware have limited functionality compared to genuine devices. Particularly, they do not support running actual PLC programs. In order to improve upon the interactive capabilities of PLC honeypots we set out to develop a simulator for Siemens S7-300 series PLCs. Our current prototype XPOT supports PLC program compilation and interpretation, the proprietary S7comm protocol and SNMP. While the supported feature set is not yet comprehensive, it is possible to program it using standard IDEs such as Siemens' TIA portal. Additionally, we emulate the characteristics of the network stack of our reference PLC in order to resist OS fingerprinting attempts using tools such as Nmap. Initial experiments with students whom we trained in PLC programming indicate that XPOT may resist cursory inspection but still fails against knowledgeable and suspicious adversaries. We conclude that high-interactive PLC honeypots need to support a fairly complete feature set of the genuine, simulated PLC.