What is a SCADA Honeynet?
The SCADA Honeynet appears to the attacker to be a popular Programmable Logic Controller (PLC) commonly used in critical infrastructure SCADA and DCS. The PLC communicates with sensors and instruments to monitor and control the physical process. Some of the protocols in the SCADA Honeynet are common IT protocols and others are specific to the SCADA environment. A list of exposed services is shown in Figure 1.

Service      Port      Purpose
FTP          tcp/21    Firmware/Device Management
Telnet       tcp/23    Device Configuration/Management
HTTP         tcp/80    Device Configuration/Management
SNMP         udp/161   Device/Service Health/Statistics
Modbus TCP   tcp/502   Control

Figure 1 – SCADA Honeynet Exposed Services

Modbus TCP on port 502 is a widely used, standard SCADA protocol in PLCs and other field devices that monitor sensors and control instruments. It is a simple and concise request-response application layer protocol originally designed for serial communication at low data rates, such as 300 baud. The SCADA Honeynet has a