PaulDotCom mailing list archives
Re: NMAP for SCADA
From: Ron Gula <rgula () tenable com>
Date: Tue, 27 Nov 2012 20:26:45 +0000
If you have access to a Nessus Pro Feed, it supports SCADA/ICS service/vuln detection for a wide variety of devices.

I've gone into a variety of ICS labs and done scanning with no crashes of big or small devices.

Personally, I always find it funny how many embedded Windows OSes there are in these ICS labs.

Ron Gula, CEO
Tenable Network Security

On Nov 27, 2012, at 1:48 PM, "Bruce Barnett" <grymoire () gmail com> wrote:

I'm going to have a short-time access to a SCADA test lab, and I want to run a port map to characterize the services available.

There are about 7 networks (virtual and real), with 6 physical Ethernet ports.

I want to discover all services, on all networks. I don't need stealth, and I want to avoid scans that might crash older devices. I also don't want to get half-done and realize that I made the wrong choices, and have to do it again.

I was thinking of using -sS, but I am concerned some devices might crash if there are too many half-open connections. So should I use -sT instead - I think. And -r would make the scan more "repeatable" if some device crashes.

So any comments on using these options:

nmap -r -v -sT -sU 10.1.1.0/24 10.2.0.0/24 -oX scan1.xml -oG scan1.txt

repeat for next interface....., etc.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
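Added example, not part of the original thread and not written by either poster: one way to turn the -oX output from the command quoted above into a per-network service inventory, so each lab network can be characterized from a single scan file. The XML sample is constructed, and the function name and the "unlisted" label are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the shape of nmap -oX output (not data from the thread).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -r -v -sT -sU 10.1.1.0/24 10.2.0.0/24">
  <host><status state="up"/><address addr="10.1.1.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="502"><state state="open"/><service name="mbap"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.2.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports></host>
  <host><status state="down"/><address addr="10.2.0.77" addrtype="ipv4"/></host>
</nmaprun>"""

NETWORKS = ["10.1.1.0/24", "10.2.0.0/24"]  # the two ranges in the posted command

def inventory(xml_text, networks=NETWORKS):
    """Return {network: [(ip, proto, port, state, service), ...]} for hosts that are up."""
    nets = [ipaddress.ip_network(n) for n in networks]
    result = defaultdict(list)
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        ip = ipaddress.ip_address(addr.get("addr"))
        net = next((str(n) for n in nets if ip in n), "unlisted")  # hypothetical label
        for port in host.iter("port"):
            state = port.find("state").get("state")
            # Keep UDP "open|filtered": -sU often cannot tell the two apart.
            if not state.startswith("open"):
                continue
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            result[net].append((str(ip), port.get("protocol"),
                                int(port.get("portid")), state, name))
    return {net: sorted(rows) for net, rows in result.items()}

if __name__ == "__main__":
    for net, rows in inventory(SAMPLE_XML).items():
        print(net)
        for ip, proto, port, state, name in rows:
            print(f"  {ip:<12} {proto}/{port:<6} {state:<14} {name}")
```

To use it on a real scan, pass the contents of scan1.xml to inventory() in place of SAMPLE_XML.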