Old September 23rd, 2023, 05:48 AM   #1

Tooms is offline
Join Date: Sep 2023
Location: Denmark
Posts: 2
Devices that don't like active network scanning


I am in the process of making an OT lab for training and to test incident response, and I keep hearing NOT to scan the network because some devices cannot handle this and will stop working until they are reset/restarted.

So the question is: for lab purposes, are there some known devices that always have this issue that would be good for testing in labs?
I am looking for used, smaller, inexpensive devices that will be practical for this lab, where of course both cost and lab space are limited.

So what devices with that issue will be good for a lab setup?

Old September 23rd, 2023, 06:24 AM   #2

lfe is offline
Join Date: Jun 2007
Location: Barcelona
Posts: 791
I have done several network scans and I have never seen that there are devices that stop working when scanned.

If that happened it would be due to poor programming of the scanning software.

The scanner software tries to establish TCP connections with different ports (services) of the target IP, port 23 telnet, 80 http and many more.

If the scanning software establishes connections but then does not close them, it can exhaust the maximum number of connections that the device can establish and therefore, apart from scanning, it will also be a denial of service attack.
Suppanel HMI
Old September 23rd, 2023, 06:34 AM   #3

Tooms is offline
Join Date: Sep 2023
Location: Denmark
Posts: 2
It is something that I keep hearing, in sentences like this one from a book: "Nmap and other forms of active scanning can be harmful to ICS networks"
and that it can knock them over in a way so they stop working and have to be restarted/reset again.
I hear it repeated from many places that it is a thing and that some devices cannot handle packages because of a weak CPU, OS or network stack.

So to learn and understand this better and do safe OT incident response, I would like to see/test devices like that.

Old September 23rd, 2023, 11:47 AM   #4
Lifetime Supporting Member + Moderator
United States

TheWaterboy is offline
Join Date: May 2006
Location: State of Denial
Posts: 1,774
Unfortunately for your needs it's not smaller, but an Altivar71 with ethernet I/P will reliably fault when IT-based scan tools (Arctic Wolf, Angry IP Scanner, etc.) interrogate it. Only have 4 of those left and can't wait to dump them.

Look for devices that used a Java-based HMI that won't render in modern browsers as a good vintage to draw from.

With modern hardware I doubt they will actually fault, but a device with a small number of connection sockets might be a good target. I expect the results will be connection losses and not actual faults, though, like the Altivars.

Look into the CERT or ISAC database for vulnerability listings.
There are 2 kinds of people in the world... (1) Those that can derive answers from incomplete Data
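
The connection exhaustion described in posts #2 and #4, as an added example that is not part of any forum post: a pure-Python model (no network traffic) of a hypothetical device with a small connection table, comparing a scanner that closes each probe connection, one that leaves them open, and one that leaves them open but is throttled. The table size, idle timeout, tick units and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class DeviceModel:
    """Hypothetical embedded device with a fixed-size TCP connection table."""
    max_sockets: int      # assumed table size (constructed value)
    idle_timeout: int     # ticks before an idle socket is reclaimed (assumed)
    table: dict = field(default_factory=dict)  # conn id -> tick it was opened
    next_id: int = 0

    def connect(self, now):
        """Accept a connection; return its id, or None if the table is full."""
        # Reclaim sockets that have sat idle for idle_timeout ticks or more.
        self.table = {c: t for c, t in self.table.items()
                      if now - t < self.idle_timeout}
        if len(self.table) >= self.max_sockets:
            return None
        self.next_id += 1
        self.table[self.next_id] = now
        return self.next_id

    def close(self, conn_id):
        self.table.pop(conn_id, None)

def run_scan(probes, closes_connections, interval=1,
             max_sockets=4, idle_timeout=60):
    """Model a scanner whose every probe completes a TCP connection.

    One probe is sent every `interval` ticks, then the plant HMI tries to
    connect. Returns (probes_refused, hmi_connected).
    """
    dev = DeviceModel(max_sockets, idle_timeout)
    refused = 0
    for i in range(probes):
        conn = dev.connect(i * interval)
        if conn is None:
            refused += 1
        elif closes_connections:
            dev.close(conn)
    hmi = dev.connect(probes * interval)
    return refused, hmi is not None

if __name__ == "__main__":
    print("closes each connection:", run_scan(10, True))
    print("leaves them open:      ", run_scan(10, False))
    print("open, but throttled:   ", run_scan(10, False, interval=20))
```

In the model, only the scan that leaves connections open at full rate locks the HMI out; the result is a lost connection until the idle timeout expires, not a device fault.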
All times are GMT -4.