nanog mailing list archives
Re: First real-world SCADA attack in US
From: Mark Radabaugh <mark () amplex net>
Date: Mon, 21 Nov 2011 16:30:46 -0500
On 11/21/11 4:09 PM, Leigh Porter wrote:
Probably nowhere near that sophisticated. More like somebody owned the PC running Windows 98 being used as an operator interface to the control system. Then they started poking buttons on the pretty screen.

> On 21 Nov 2011, at 20:23, "Ryan Pavely" <paradox () nac net> wrote:
>
>> Might I suggest using 127.0.0.2 if you want less spam :P
>>
>> Pretty scary that folks have
>> 1. Their scada gear on public networks, not behind vpns and firewalls.
>
> Do people really do that? Just dump a /24 of routable space on a network and use it? Fifteen years ago perhaps, but now, really? Or are these legacy installations with Cisco routers that don't do 'ip classless' and that everybody has forgotten about?
>
>> 2. Allow their hardware vendor to keep a list of usernames / passwords.
>
> Yeah I can believe this. That's if they bothered changing the passwords at all.
>
>> 2b. Obviously don't change these so often. When's the last time they really "called support" and refreshed the password with the hw vendor.... Probably when they installed the gear... Sheesh..
>
> I am curious now as to what you would find port scanning for port 23 on some space owned by utility companies. Now, I'm not about to do this, but it would be interesting.
>
> Does anybody know what really happened here? Were they just using some ancient VHF radio link to an unmanned pumping station that somebody hacked with an old TCM3105 or AM2911 modem chip and a ham radio?
>
> --
> Leigh

Somewhere there is a terrified 12 year old.

Please don't think I am saying infrastructure security should not be improved - it really does need help. But I really doubt this was anything truly interesting.

-- Mark Radabaugh Amplex mark () amplex net 419.837.5015