If you have access to a Nessus Pro Feed, it supports SCADA/ICS
service/vuln detection for a wide variety of devices. I've gone into a variety
of ICS labs and done scanning with no crashes of big or small devices.

Personally, I always find it funny how much embedded Windows OSes
there are in these ICS labs.

Ron Gula, CEO
Tenable Network Security

On Nov 27, 2012, at 1:48 PM, "Bruce Barnett" <[email protected]> wrote:

> I'm going to have a short-time access to a SCADA test lab, and I want
> to run a port map to characterize the services available.
> 
> There are about 7 networks (virtual and real), with 6 physical
> Ethernet ports. I want to discover all services, on all networks. I
> don't need stealth, and I want to avoid scans that might crash older
> devices. I also don't want to get half-done and realize that I made
> the wrong choices, and have to do it again.
> 
> I was thinking of using -sS, but I am concerned some devices might
> crash if there are too many half-open connections.
> So should I use -sT instead - I think.
> And -r would make the scan more "repeatable" if some device crashes.
> So any comments on using these options:
> 
>    nmap  -r -v -sT -sU 10.1.1.0/24 10.2.0.0/24 -oX scan1.xml -oG scan1.txt
> repeat for next interface....., etc.
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com