melicherm
melicherm
Hello, good point. The use case: We have a network of around 20 frequency controllers behind an Modbus RTU to Modbus IP gateway running mbusd. We use Zabbix to monitor...
@mStirner - Any thoughts on this? How to mitigate possible write command coming over IP to mbusd?
@MatteoBiscosi - we have just this dump: Frame 15: 1490 bytes on wire (11920 bits), 1490 bytes captured (11920 bits) on interface team0.295, id 0 Section number: 1 Interface id:...
@MatteoBiscosi - got the .pcap (around 1Mil packets available @1.2GB) i have extracted 200 packets. Would like to send it to you per email - 256 KB. Can you give...
Hi, if i load the same attack .pcap (1.2G) there is some DNS, ICMP traffic, that i see in nprobe. Maybe that is what you are seeing? But if i...
Based on the sflow data (which seems correct - -> [sflow-udp-in.pcap.zip](https://github.com/user-attachments/files/17434471/sflow-udp-in.pcap.zip) i think nprobe cannot create a flow from the data it has -> e.g. because it's just UDP frament...
Hi @lucaderi, any news on this topic? Thanks.