      |
||
 |
||
    This board is for PLC Related Q&A ONLY. Please DON'T use it for advertising, etc. |
||
 Try our online
PLC Simulator- FREE.
Click here now to try it.
| ||
New Here? Please read this important info!!!
September 23rd, 2023, 05:48 AM
|
#1 |
|
Member
 
Join Date: Sep 2023
Location: Denmark
Posts: 2
|
Devices that dont like active network scanning
Hi
I am in the process of making an OT lab for training and to test incident response, an i keep hearing NOT to scan network because some devices can not handle this and will stop working until reset/restart of them. so the question is, for lab purpose is there some known devices that always has this issue there will be good for testing in labs. ? I am looking for used smaller inexpensive device that will be practical for this lab where of course both cost and lab space is limited. So what devices with that issue will be good for an lab setup ? Thanks Tooms |
|
|
September 23rd, 2023, 06:24 AM
|
#2 |
|
Member
Join Date: Jun 2007
Location: Barcelona
Posts: 791
|
I have done several network scans and I have never seen that there are devices that stop working when scanned.
If that happened it would be due to poor programming of the scanning software. The scanner software tries to establish TCP connections with different ports (services) of the target IP, port 23 telnet, 80 http and many more. If the scanning software establishes connections but then does not close them, it can exhaust the maximum number of connections that the device can establish and therefore, apart from scanning, it will also be a denial of service attack. |
|
|
|
September 23rd, 2023, 06:34 AM
|
#3 |
|
Member
Join Date: Sep 2023
Location: Denmark
Posts: 2
|
it is some thing that i keep hearing sentences like this have a book: "Nmap and other forms of active scanning can be harmful to ICS networks"
and there can knock them over in an way so they stop working and has to be restarted/reset again. i hear it repeted from many places that it is an thing and some device can not handle packages because of weak CPU, OS or network stack. So to learn and understand this better and do safe OT incident response, i like to see/test devices like that. Regards Tooms |
|
|
|
September 23rd, 2023, 11:47 AM
|
#4 |
|
Lifetime Supporting Member + Moderator
Join Date: May 2006
Location: State of Denial
Posts: 1,774
|
Unfortunately for your needs it's not smaller but an Altivar71 with ethernet I/P will reliably fault when IT based scan tools (Artic Wolf, Angry IP scanner etc) interrogate it. Only have 4 of those left and can't wait to dump them.
Look for devices that used a java based HMI that won't render in modern browsers as a good vintage to draw from. With modern hardware I doubt they will actually fault but a device with a small number of connection sockets might be a good target. I expect the results will be connection losses and not actual faults though like the Altivars. Look into the CERT or ISAC database for vulnerability listings.
__________________
≈ There are 2 kinds of people in the world... (1) Those that can derive answers from incomplete Data |
|
|
 |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
|
|
Similar Topics
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Unable to set up FTview SE Network directory outside of the local network | Steinarr | LIVE PLC Questions And Answers | 6 | December 2nd, 2016 02:20 PM |
| timer trigger in s7300 | mostafah | LIVE PLC Questions And Answers | 26 | July 25th, 2008 03:11 AM |
| Not seeing all devices on network | deand | LIVE PLC Questions And Answers | 3 | July 23rd, 2008 11:02 AM |
| s7 200 | gaannesh | LIVE PLC Questions And Answers | 10 | April 21st, 2008 01:33 AM |
| Unitronics Network Scanning | TimothyMoulder | LIVE PLC Questions And Answers | 0 | February 4th, 2003 11:30 AM |
You are not registered yet. Please click here to register!
Linear Mode
