Nmap Development mailing list archives

Re: Another SCADA/ICS NMAP NSE script - Rockwell MicroLogix Series 1400 enumeration script


From: David Fifield <david () bamsoftware com>
Date: Thu, 3 Feb 2011 22:18:24 -0800

On Wed, Feb 02, 2011 at 12:44:36AM -0600, Bob Radvanovsky wrote:
> (1) either make modifications to the existing enum scripts which are
> currently available out there (and hopefully, their authors will
> cooperate with me).
>
> (2) write a specific library set that will define *all* of Rockwell,
> *all* of Allen-Bradley, *all* of ..., and try and enum based on
> manufacturer (which again, is back to swatting an infestation with a
> toothpick).
>
> (3) just simply quit, because there is just *too much* stuff out
> there.

I think option 1 is the best. It doesn't have to be a huge job done all
at once. Not everything has to be done through NSE, either. For example,
if you get a new service fingerprint, the best thing you can do is
submit it at http://nmap.org/submit/.

What does the output of snmp-sysdescr look like for this device? If it's
missing information that your script can provide, that's something we
should know. That means we should either enhance snmp-sysdescr to handle
the new information, or add a new script along the lines of this one
that can do it. (If the additional information is important enough.)

> Enumeration of devices on any given network is always welcomed, esp.
> by plant/operations engineers who don't know much about "IT", but know
> that they have to be compliant for regulation "XXX".  Making such
> scripts helps those engineers do their jobs.

You've posited a plant engineer who would want to use a script like
this. I can appreciate that. Help me understand: how do you see the
engineer using this script? Is it for network-wide surveys, or targeted
scanning of a single host? What are the circumstances that would cause
the engineer to think, "Let's run micrologic1400.nse." I don't have any
knowledge of this sector, so I'm trying to get a handle on the use
cases.

David Fifield