PaulDotCom mailing list archives
Re: NMAP for SCADA
From: Kevin Shaw <kevin.lee.shaw () gmail com>
Date: Tue, 27 Nov 2012 14:33:46 -0500
(Caveat: I do NERC CIP work and we use a command line script to look at netstat, lsof, etc. rather than using nmap and potentially knocking over PLCs, etc.) Having said that, look at specifying the packet timing rather than using the regular T options. Also, specify UDP ports to known services like ntp and your basic Windows services - I do that for non-SCADA port mapping already given time limits on engagements. I don't think you'll have a big issue with syn over connect scans, but that idea doesn't hurt. Use -sV and grab your banners, especially taking the time for full connect. You may even want to spend a couple of minutes going through the scripts and tuning a couple to grab more information.

On Nov 27, 2012 1:48 PM, "Bruce Barnett" <grymoire () gmail com> wrote:
I'm going to have short-time access to a SCADA test lab, and I want to run a port map to characterize the services available. There are about 7 networks (virtual and real), with 6 physical Ethernet ports. I want to discover all services, on all networks. I don't need stealth, and I want to avoid scans that might crash older devices. I also don't want to get half-done and realize that I made the wrong choices, and have to do it again.

I was thinking of using -sS, but I am concerned some devices might crash if there are too many half-open connections. So should I use -sT instead - I think. And -r would make the scan more "repeatable" if some device crashes.

So any comments on using these options:

nmap -r -v -sT -sU 10.1.1.0/24 10.2.0.0/24 -oX scan1.xml -oG scan1.txt

repeat for next interface....., etc.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
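A worked version of the scan discussed above, added here as an example and not taken from either poster: a small POSIX shell script that builds one TCP connect scan and one UDP scan per network, with explicit packet spacing (--scan-delay, --max-rate) in place of a -T template, -r for repeatable port order, -sV for banners, and a fixed UDP port list instead of a full UDP sweep. The delay and rate values, the UDP port list, the output file naming and the SCADA_SCAN_RUN switch are all assumptions chosen for illustration, not settings from the thread; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread): build and optionally run a conservative
# nmap service inventory of several SCADA lab networks, one output set per
# network. The rate limits, delays and UDP port list are assumptions chosen
# for illustration; tune them to the devices actually in the lab.

# Shared flags that follow the advice in the thread:
#   -sT              full connect, so no half-open TCP state is left on a PLC
#   -r               sequential ports, so a crash can be localised and the
#                    scan resumed from the same point
#   --scan-delay     explicit spacing between probes instead of a -T template
#   --max-rate       hard cap on probes per second (assumed value)
#   --max-retries 1  a slow or wedged device is retried once, not flooded
#   -sV              banner/version grab; low intensity keeps the probe set small
TCP_OPTS="-sT -r -v --scan-delay 50ms --max-rate 20 --max-retries 1 -sV --version-intensity 2"

# Assumed UDP list: DNS, DHCP, NTP, NetBIOS, SNMP, IKE, SSDP
UDP_PORTS="53,67,123,137,138,161,500,1900"
UDP_OPTS="-sU -r -v -pU:$UDP_PORTS --scan-delay 100ms --max-rate 10 --max-retries 1 --reason"

# scan_cmd KIND TARGET OUTBASE
# Prints the nmap command line for one network and one scan kind; never runs it.
scan_cmd() {
    kind=$1; target=$2; out=$3
    case "$kind" in
        tcp) printf 'nmap %s -oX %s-tcp.xml -oG %s-tcp.gnmap %s\n' \
                 "$TCP_OPTS" "$out" "$out" "$target" ;;
        udp) printf 'nmap %s -oX %s-udp.xml -oG %s-udp.gnmap %s\n' \
                 "$UDP_OPTS" "$out" "$out" "$target" ;;
        *)   echo "scan_cmd: unknown kind '$kind'" >&2; return 1 ;;
    esac
}

# out_name NETWORK -> file stem, e.g. 10.1.1.0/24 -> net-10.1.1.0_24
out_name() {
    printf 'net-%s\n' "$(printf '%s' "$1" | tr '/' '_')"
}

# run_inventory NETWORK...
# Prints (or, with SCADA_SCAN_RUN=1, executes) a TCP and a UDP scan per
# network, strictly one after another so only one scan is ever in flight
# against the lab.
run_inventory() {
    for net in "$@"; do
        stem=$(out_name "$net")
        for kind in tcp udp; do
            cmd=$(scan_cmd "$kind" "$net" "$stem") || return 1
            if [ "${SCADA_SCAN_RUN:-0}" = 1 ]; then
                echo "running: $cmd" >&2
                eval "$cmd"
            else
                echo "$cmd"
            fi
        done
    done
}

# Dry run: list the commands for the two networks from the original question.
run_inventory 10.1.1.0/24 10.2.0.0/24
```

Run it once without SCADA_SCAN_RUN set and check the printed command lines against the lab; then run it with SCADA_SCAN_RUN=1 from a host plugged into each interface in turn, passing that interface's networks. The TCP and UDP passes are split into separate files so a UDP scan that has to be abandoned does not take the finished TCP results with it.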
Current thread:
- NMAP for SCADA Bruce Barnett (Nov 27)
- Re: NMAP for SCADA Kevin Shaw (Nov 27)
- Re: NMAP for SCADA Ron Gula (Nov 27)
- <Possible follow-ups>
- Re: NMAP for SCADA Michael Wilson (Nov 27)