On 11/21/11 4:09 PM, Leigh Porter wrote:
> On 21 Nov 2011, at 20:23, "Ryan Pavely"<[email protected]> wrote:
>
>> Might I suggest using 127.0.0.2 if you want less spam :P
>>
>> Pretty scary that folks have
>> 1. Their SCADA gear on public networks, not behind VPNs and firewalls.
>
> Do people really do that? Just dump a /24 of routable space on a network and
> use it?
>
> Fifteen years ago perhaps, but now, really? Or are these legacy installations
> with Cisco routers that don't do 'ip classless' and that everybody has
> forgotten about?
>
>> 2. Allow their hardware vendor to keep a list of usernames / passwords.
>
> Yeah I can believe this. That's if they bothered changing the passwords at all.
>
>> 2b. Obviously don't change these so often. When's the last time they really "called
>> support" and refreshed the password with the hw vendor.... Probably when they
>> installed the gear... Sheesh..
>
> I am curious now as to what you would find port scanning for port 23 on some
> space owned by utility companies. Now, I'm not about to do this, but it would
> be interesting.
>
> Does anybody know what really happened here? Were they just using some ancient
> VHF radio link to an unmanned pumping station that somebody hacked with an old
> TCM3105 or AM2911 modem chip and a ham radio?
>
> --
> Leigh

Probably nowhere near that sophisticated. More like somebody owned the
PC running Windows 98 being used as an operator interface to the control
system. Then they started poking buttons on the pretty screen.
Somewhere there is a terrified 12 year old.
Please don't think I am saying infrastructure security should not be
improved - it really does need help. But I really doubt this was
anything truly interesting.
--
Mark Radabaugh
Amplex
[email protected] 419.837.5015