Re: Hack help

From: Roland Hall (nobody_at_nowhere)
Date: 04/11/05

Date: Mon, 11 Apr 2005 03:52:25 -0500

"Michael Pelletier" wrote in message news:vNm6e.36949$Xs.30700@fed1read03...
: Roland Hall wrote:
: > "bjh" wrote in message news:6Yg6e.17236$vt1.8943@edtnps90...
: > : Hey all, I just took a new job, and am getting trained to do security
: > audits
: > : of companies, I need to hack a piece of hardware. The device is a
: > scadapack
: > : 32, it is used to control valves opening and closing(in my case
: > : a lightbulb on).
: > :
: > : It has ethernet and I need to get into it via ethernet, for now we are
: > just
: > : hooking it up to a hub and using a laptop on that hub as well.
: > :
: > : I know how to scan for open ports, I just do not know how to exploit
: > : those ports, the protocol is modbus over tcp
: >
: > You got hired to perform security audits and all you know re: security
: > how to scan for open ports? I'll pay you a 15% referral for contact
: > information of your customers after you've audited their system.
: >
: Now, now. At least he is trying.

I place no blame on him and "you've audited", should have been "your company

: To the OP:
: Step one: Read about the modbus protocol (ie know you enemy :-))
: Step two: Figure out exactly what you want to do. Are you trying to
: in or are you trying to DOS? I am not familiar with the protocol so I will
: not be much help. If you are just trying to DOS it and since it is "over
: TCP", by your description, there are many things you can do. There are ARP
: poisoning (if you are on the same LAN), Syn flooding (need an open TCP
: but can be done remotely, many , many more. You need to do some
: Don't take this the wrong way, but why are you doing this project since
: seem to be new to systems security? Again, I mean the question
: respectfully.
: Michael
: --
: "Microsoft isn't evil, they just make really crappy operating systems." -
: Linus Torvald

I like the quote. It's hilarious because Torvald didn't write an OS, just a
kernel, and it's crappy. And, it's marketing because all OSs are crappy.
We believe we're moving forward in technology but the only true multitasking
OS is almost extinct and the most secure OS was written decades ago, before
MSFT or Torvald existed. Too funny. (O:=