Nmap Development mailing list archives
Re: Another SCADA/ICS NMAP NSE script - Rockwell MicroLogix Series 1400 enumeration script
From: David Fifield <david () bamsoftware com>
Date: Thu, 3 Feb 2011 22:18:24 -0800
On Wed, Feb 02, 2011 at 12:44:36AM -0600, Bob Radvanovsky wrote:
> (1) either make modifications to the existing enum scripts which are currently available out there (and hopefully, their authors will cooperate with me).
> (2) write a specific library set that will define *all* of Rockwell, *all* of Allen-Bradley, *all* of ..., and try and enum based on manufacturer (which again, is back to swatting an infestation with a toothpick).
> (3) just simply quit, because there is just *too much* stuff out there.
I think option 1 is the best. It doesn't have to be a huge job done all at once. Not everything has to be done through NSE, either. For example, if you get a new service fingerprint, the best thing you can do is submit it at http://nmap.org/submit/. What does the output of snmp-sysdescr look like for this device? If it's missing information that your script can provide, that's something we should know. That means we should either enhance snmp-sysdescr to handle the new information, or add a new script along the lines of this one that can do it. (If the additional information is important enough.)
> Enumeration of devices on any given network is always welcomed, esp. by plant/operations engineers who don't know much about "IT", but know that they have to be compliant for regulation "XXX". Making such scripts helps those engineers do their jobs.
You've posited a plant engineer who would want to use a script like this. I can appreciate that. Help me understand: how do you see the engineer using this script? Is it for network-wide surveys, or targeted scanning of a single host? What are the circumstances that would cause the engineer to think, "Let's run micrologic1400.nse"? I don't have any knowledge of this sector, so I'm trying to get a handle on the use cases.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/