Re: NMAP for SCADA

[Ron Gula <rgula () tenable com>]

If you have access to a Nessus Pro Feed, it supports SCADA/ICS
service/vuln detection for a wide variety of devices. I've gone into a variety
of ICS labs and done scanning with no crashes of big or small devices.

Personally, I always find it funny how much embedded Windows OSes
there are in these ICS labs.

Ron Gula, CEO
Tenable Network Security

On Nov 27, 2012, at 1:48 PM, "Bruce Barnett" <grymoire () gmail com> wrote:

> I'm going to have a short-time access to a SCADA test lab, and I want
> to run a port map to characterize the services available.
>
> There are about 7 networks (virtual and real), with 6 physical
> Ethernet ports. I want to discover all services, on all networks. I
> don't need stealth, and I want to avoid scans that might crash older
> devices. I also don't want to get half-done and realize that I made
> the wrong choices, and have to do it again.
>
> I was thinking of using -sS, but I am concerned some devices might
> crash if there are too many half-open connections .
> So should I use -sT instead - I think.
> And -r would make the scan more "repeatable" if some device crashes.
> So any comments on using these options:
>
>    nmap  -r -v -sT -sU 10.1.1.0/24 10.2.0.0/24 -oX scan1.xml -oG scan1.txt
> repeat for next interface....., etc.
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com