Re: Hack help

From: Roland Hall (nobody_at_nowhere)
Date: 04/11/05


Date: Mon, 11 Apr 2005 03:52:25 -0500


"Michael Pelletier" wrote in message news:vNm6e.36949$Xs.30700@fed1read03...
: Roland Hall wrote:
:
: > "bjh" wrote in message news:6Yg6e.17236$vt1.8943@edtnps90...
: > : Hey all, I just took a new job, and am getting trained to do security audits
: > : of companies, I need to hack a piece of hardware. The device is a scadapack
: > : 32, it is used to control valves opening and closing (in my case turning
: > : a lightbulb on).
: > :
: > : It has ethernet and I need to get into it via ethernet, for now we are just
: > : hooking it up to a hub and using a laptop on that hub as well.
: > :
: > : I know how to scan for open ports, I just do not know how to exploit
: > : those ports, the protocol is modbus over tcp
: >
: > You got hired to perform security audits and all you know re: security is
: > how to scan for open ports? I'll pay you a 15% referral for contact
: > information of your customers after you've audited their system.
: >
:
:
: Now, now. At least he is trying.

I place no blame on him and "you've audited", should have been "your company
audits".

: To the OP:
:
: Step one: Read about the modbus protocol (i.e. know your enemy :-))
: http://www.modbus.org/default.htm
:
: http://66.102.7.104/search?q=cache:I597FSbsG3kJ:www.eecs.umich.edu/~modbus/documents/PI_MBUS_300.pdf+modbus&hl=en&ie=UTF-8
:
: Step two: Figure out exactly what you want to do. Are you trying to "break"
: in or are you trying to DOS? I am not familiar with the protocol so I will
: not be much help. If you are just trying to DOS it and since it is "over
: TCP", by your description, there are many things you can do. There are ARP
: poisoning (if you are on the same LAN), Syn flooding (need an open TCP port
: but can be done remotely), many, many more. You need to do some research...
:
: Don't take this the wrong way, but why are you doing this project since you
: seem to be new to systems security? Again, I mean the question
: respectfully.
:
: Michael
: --
:
: "Microsoft isn't evil, they just make really crappy operating systems." -
: Linus Torvalds

I like the quote. It's hilarious because Torvalds didn't write an OS, just a
kernel, and it's crappy. And, it's marketing because all OSs are crappy.
We believe we're moving forward in technology but the only true multitasking
OS is almost extinct and the most secure OS was written decades ago, before
MSFT or Torvalds existed. Too funny. (O:=


