On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols
V.A. Test Environment
The basic test bench consists of (i) the DUT (in this case the PLC whose MODBUS/TCP implementation we wish to test), and (ii) the platform computer running blackPeer.
The network configuration is illustrated in Figure 2.

Figure 2: The Hardware Test Bench
We selected two representative SCADA devices for test. We will refer to them as PLC M and PLC Q.
PLC Q is a modular backplane PLC. At its most basic level it consists of a variety of input/output (I/O), processor and communications modules that are installed in a common backplane. The central processor unit (CPU) module is separate from the other modules. The Ethernet Communications module provides an interface between an Ethernet-based network, the backplane, and the CPU module. It supports the MODBUS protocol over TCP.
PLC M is a small, versatile PLC. It is used for PC-based control, distributed control, distributed I/O and traditional stand-alone PLC control. It employs Ethernet as its primary external communications protocol and supports MODBUS/TCP.
VI. RESULTS
We start with grammars covering read and write function codes. Then we examine whether the device supports the function codes that are designated for serial only. We finish with a grammar that examines miscellaneous and invalid function codes.
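The three grammar groups above map onto function-code classes in the MODBUS application protocol. The following is an added example (not blackPeer code or anything from the paper) that parses MODBUS/TCP frames and flags requests carrying serial-only or invalid function codes, as a monitor in front of a PLC might; the code grouping is taken from the public MODBUS specification and is an assumption of this example, and the sample frames are constructed.

```python
import struct

# Function-code groups from the MODBUS Application Protocol Specification.
# The grouping below is this example's assumption, not the paper's grammars.
READ_CODES = {1, 2, 3, 4, 20, 24}          # coils, inputs, registers, file/FIFO reads
WRITE_CODES = {5, 6, 15, 16, 21, 22, 23}   # single/multiple writes, mask, read/write
SERIAL_ONLY = {7, 8, 11, 12, 17}           # defined for the serial line only
USER_DEFINED = set(range(65, 73)) | set(range(100, 111))

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

def classify_function_code(fc):
    """Name the group a function code falls into."""
    if fc & 0x80:
        return "exception"           # error response, not a request code
    if fc in READ_CODES:
        return "read"
    if fc in WRITE_CODES:
        return "write"
    if fc in SERIAL_ONLY:
        return "serial-only"         # should not be accepted over TCP
    if fc in USER_DEFINED:
        return "user-defined"
    return "invalid"                 # reserved or unassigned

def parse_mbap(frame):
    """Split a MODBUS/TCP frame into header fields and PDU; reject malformed ones."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = MBAP.unpack_from(frame)
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not MODBUS (0)")
    if length != len(frame) - 6:     # length counts unit id plus the whole PDU
        raise ValueError(f"length field {length} disagrees with frame size {len(frame) - 6}")
    return {"tid": tid, "unit": uid, "fc": frame[7], "data": frame[8:]}

def audit_frames(frames):
    """Classify each frame; malformed frames are reported rather than dropped."""
    report = []
    for raw in frames:
        try:
            f = parse_mbap(raw)
            report.append((f["tid"], f["fc"], classify_function_code(f["fc"])))
        except ValueError as err:
            report.append((None, None, f"malformed: {err}"))
    return report

# Constructed sample frames (not captured traffic)
SAMPLE_FRAMES = [
    bytes.fromhex("0001000000060103000A0002"),  # read 2 holding registers at 10
    bytes.fromhex("00020000000601060010FFFF"),  # write single register
    bytes.fromhex("000300000006010800000000"),  # diagnostics (serial-line only)
    bytes.fromhex("000400000002015A"),          # unassigned code 0x5A
    bytes.fromhex("000500000006010300"),        # length says 6, only 3 bytes follow
]
```

Running `audit_frames(SAMPLE_FRAMES)` labels the frames read, write, serial-only, invalid and malformed in that order.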