| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Jan 2008 23:16:00 -0600 From: b9u4ea <b9u4ea@...il.com> To: gmaggro <gmaggro@...ers.com> Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: scada/plc gear Looks like a fantastic and robust little tool :) That is certainly some rather odd behaviour... The fact that the other ports remained makes it likely an application (modbus) problem. Was it an ethernet to rs232 converter? (I obviously didn't look up the part number). Did you happen to catalogue the 'crud' which you sent prior to failure? I know particular header options have unexpected results a great deal of control systems. I also know particular vendor's ip stack implementations have been known to be produced some very things, eg, odd ip options (off the top of my head the AB series of PLCs). Now I'm curious, what other devices are you testing? On Jan 7, 2008 6:47 PM, gmaggro <gmaggro@...ers.com> wrote: > > http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf. > > For example: http://www.modbus.pl/download/zxy66/v19/modbus_perl_client.zip > > Thank you for the links. > > I like the following: http://www.modbusdriver.com/modpoll.html > > "modpoll is a command line based Modbus master simulator and test > utility". There's binaries for a few different platforms. Enough to get > someone speaking modbus/tcp over the wire and the ability to read device > registers, coils, what have you. > > > you spend 2 minutes with google you'll find more then you'll need. > > Agreed, but part of what I want to help accomplish is a weeding of the > crud, saving folks some time. Hopefully not annoy people with too much > 'cocking stupid' crap. > > > Anyways, enjoy your research... > > Oh, I am! That Kohler Power systems box, turns out, wasn't as robust as > I hoped. It was built around a Lantronix Xport embedded ethernet device > server, I think an Xport-485 > (http://www.lantronix.com/pdf/XPort-485_DS.pdf and/or > http://www.lantronix.com/pdf/XPort_PB.pdf). > > At first it held up a couple days, but after pounding it with random > crud (on various ports) 502/tcp stopped showing up. Attempts to get 502 > to show up again, by multiple power cyclings and leaving it off for > extended periods, made no difference. The only things that continued to > show up reliably were 69, 9999, 80 and 161. > > Tried to find a way to reset it, either by the configuration menus or > hardware (I took the case off) but had no luck. Attempted a reset via > upgrading its firmware with the 'Device Installer' util (came with it on > CD), but wound up bricking it so I couldn't continue. Now I can't play > with it anymore and tell if 502 dropping off was some kind of a fluke or > what the story is. I'm going to ignore it as an anomaly since I can't > repeat it. > > So I ripped open the Xport module. That thing is quite the little > marvel, a couple BGAs (an Atmel and a Lantronix DSTni-EX) and assorted > glue crammed in behind an RJ45. Wonder how commonly used they are. > Written on the small metal case was "GM42501 Rev 2.0 (Modbus)" and > "XP1001000-03-GC, Rev. A11" among other things. > > 1 piece of gear down, 5 more to go :) > > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists