conpot

Test Profinet scan tools

Open glaslos opened this issue 10 years ago • 3 comments

There are a couple of tools we should try against Conpot: https://github.com/HSASec/ProFuzz and https://github.com/atimorin/PoC2013/tree/master/profinet

glaslos • Oct 16 '14 07:10

Did the scan for ProFuzz.

Scan Results :

~/Desktop/conpot/ProFuzz/logs$ head 2017-02-08_23\:18\(01\:0e\:cf\:00\:00\:00\)_answered.txt 
=== Answered Packets ===
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>
<Results: TCP:0 UDP:0 ICMP:0 Other:0>

and

~/Desktop/conpot/ProFuzz/logs$ head 2017-02-08_23\:18\(01\:0e\:cf\:00\:00\:00\)_unanswered.txt 
=== Unanswered Packets ===
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>
<Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>

While at that I observed nothing in conpot.

xandfury • Feb 08 '17 18:02

Hi, I tried fuzzy testing from both the scanners and although I received the packets sent from the fuzzer, all of them were unanswered. I have attached the images of the logs of ProFuzz and profinet respectively:

[Images: profuzz, profinet]

There was no behaviour noticed from conpot's side (none recorded in the logs). Is this correct? Or is some response expected from conpot's side?

Thanks.

shrave • Feb 12 '17 12:02

Hey guys, sorry for the confusion.

Conpot does not (yet) react to process field network (profinet) requests because it currently has no handler to do so. To be more clear about this: A profinet service is not yet available in conpot and therefore neither do we see any incoming packets for this particular traffic, nor do we answer them in any way.

This ticket is more or less a reminder that there are test tools for profinet available so that we don't forget about them once we're supporting it in our codebase.

creolis • Feb 14 '17 11:02