From: Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol
Attack name | Description |
---|---|
Portscan | This scan, performed with the network reconnaissance tool “nmap”, aimed to find out which services the network devices in the scanned address range offered. The command used was nmap -sV -r 192.168.0.0-15. The -sV parameter made it possible to draw conclusions about open ports and running services. |
Vulnerability scan | A vulnerability scan for the top ten web-application vulnerabilities was run from the graphical interface of the vulnerability scanning tool “Nessus”, targeting the web interfaces of the RTUs. |
Protocol vulnerability scan | So-called fuzz testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target system in order to reveal failures and security bugs. Such inputs could also be created by attackers to cause unwanted behaviour in a SCADA system, such as opening circuit breakers, so the IEC 60870-5-104 protocol fuzzer Aegis Studio was applied. |
Denial of service | To simulate a denial of service attack against the test substation, the application “hping” was used with the command hping3 -flood -S 192.168.0/24. The -flood parameter led the program to send packets as fast as possible, while -S denoted a SYN flood attack. |
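The table lists the attacks an intrusion detection system for the substation has to recognise. As an added example that is not part of the paper or its test environment, the Python below sketches the defender's side for the three attacks that are visible on the wire: a distinct-port-count heuristic for the service scan, a SYN-rate heuristic for the flood, and an APCI validator that flags the malformed IEC 60870-5-104 frames a protocol fuzzer emits (the Nessus web scan operates at the HTTP layer and is not covered). All flow records, addresses, thresholds and frame bytes are constructed assumptions for the example, not data from the paper's dataset.

```python
"""Added example: detection logic for the attack classes in the table.

Flow records and IEC 104 frames are CONSTRUCTED sample data, not captures
from the paper's test substation. Thresholds are assumptions.
"""
from collections import defaultdict

# --- constructed sample input ------------------------------------------
# One record per TCP packet: (timestamp s, src, dst, dst port, flag letters)
FLOWS = []
# Benign IEC 104 session: master 192.168.0.50 -> RTU 192.168.0.11:2404
FLOWS += [(0.00, "192.168.0.50", "192.168.0.11", 2404, "S"),
          (0.01, "192.168.0.50", "192.168.0.11", 2404, "A"),
          (0.50, "192.168.0.50", "192.168.0.11", 2404, "PA")]
# Service scan: one host probes 16 ports of one RTU within 1.5 s
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 102, 110, 143, 443, 445, 502,
              2404, 8080, 8443, 20000]
FLOWS += [(1.0 + 0.1 * i, "192.168.0.200", "192.168.0.10", p, "S")
          for i, p in enumerate(SCAN_PORTS)]
# SYN flood: 150 SYNs in 0.3 s against the RTU's IEC 104 port
FLOWS += [(10.0 + 0.002 * i, "192.168.0.201", "192.168.0.11", 2404, "S")
          for i in range(150)]


def detect_portscan(flows, min_ports=10, window=5.0):
    """Sources that touch >= min_ports distinct (dst, port) pairs in window s."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, _flags in flows:
        by_src[src].append((ts, dst, dport))
    alerts = set()
    for src, events in by_src.items():
        events.sort()
        i = 0
        for j in range(len(events)):
            while events[j][0] - events[i][0] > window:
                i += 1                       # slide window start forward
            if len({(d, p) for _, d, p in events[i:j + 1]}) >= min_ports:
                alerts.add(src)
                break
    return alerts


def detect_syn_flood(flows, max_syn_per_sec=100, window=1.0):
    """Sources whose rate of SYN-without-ACK packets exceeds the threshold."""
    syns = defaultdict(list)
    for ts, src, _dst, _dport, flags in flows:
        if "S" in flags and "A" not in flags:
            syns[src].append(ts)
    alerts = set()
    for src, stamps in syns.items():
        stamps.sort()
        i = 0
        for j in range(len(stamps)):
            while stamps[j] - stamps[i] > window:
                i += 1
            if j - i + 1 > max_syn_per_sec * window:
                alerts.add(src)
                break
    return alerts


# --- IEC 60870-5-104 APCI validation -----------------------------------
IEC104_START = 0x68
IEC104_MAX_APDU_LEN = 253
ASDU_HEADER_LEN = 6          # type id, VSQ, 2-byte COT, 2-byte common address
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}


def check_apdu(frame: bytes):
    """Return None if the APCI is well formed, otherwise a reason string.
    Each reason is a candidate alert for a protocol-aware IDS."""
    if len(frame) < 6:
        return "frame shorter than APCI"
    if frame[0] != IEC104_START:
        return "bad start byte 0x%02x" % frame[0]
    length = frame[1]
    if length < 4 or length > IEC104_MAX_APDU_LEN:
        return "length field %d out of range" % length
    if length != len(frame) - 2:
        return "length field %d disagrees with frame size %d" % (length, len(frame) - 2)
    ctrl = frame[2]
    if ctrl & 0x01 == 0:                 # I-format: numbered, carries an ASDU
        if length < 4 + ASDU_HEADER_LEN:
            return "I-format frame without complete ASDU header"
    elif ctrl & 0x03 == 0x01:            # S-format: supervisory, no ASDU
        if length != 4:
            return "S-format frame with payload"
    else:                                # U-format: unnumbered control function
        if length != 4 or frame[3:6] != b"\x00\x00\x00":
            return "U-format frame with unexpected payload"
        if ctrl not in U_FUNCTIONS:
            return "unknown U-format function 0x%02x" % ctrl
    return None


# Constructed frames: two legitimate, one supervisory, three fuzzer-style
APDUS = {
    "startdt_act":   bytes.fromhex("680407000000"),
    "s_frame":       bytes.fromhex("680401000000"),
    "interrogation": bytes.fromhex("680e00000000" "640106000100" "000000" "14"),
    "fuzz_length":   bytes.fromhex("68ff07000000"),   # length byte 255 > 253
    "fuzz_ufunc":    bytes.fromhex("68040f000000"),   # two U-function bits set
    "fuzz_start":    bytes.fromhex("690407000000"),   # wrong start byte
}


def run_all(flows=FLOWS, apdus=APDUS):
    """Aggregate the three detectors into one alert dictionary."""
    return {
        "portscan_sources": detect_portscan(flows),
        "syn_flood_sources": detect_syn_flood(flows),
        "malformed_apdus": {name: reason for name, frame in apdus.items()
                            if (reason := check_apdu(frame)) is not None},
    }


if __name__ == "__main__":
    for key, value in run_all().items():
        print(key, value)
```

The two flow heuristics are deliberately the simplest signature-style baseline an evaluation like the paper's would compare against; the APCI check is where protocol knowledge pays off, since a fuzzer's frames are wrong in ways (length field, reserved bits, undefined U functions) that no flow statistic reveals.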