Project: Reconnaissance and Attack on ICS Networks
Environment Setup
The second mini project is based on industrial network protocols, specifically the Modbus protocol. Please follow the instructions carefully to set up the project environment:
- We will be using Mininet for the project. A pre-built VM image including Mininet and other useful software is provided at the following link: Mininet VM.
- Once the download is complete, import the VM onto VirtualBox (or any other VMM) by double-clicking the .ovf file.
- Turn on the VM. When prompted to login, use the following details:
- Login: mininet
- Password: mininet
- To get a GUI, type the following on the command line:
- sudo apt-get update
- sudo apt-get install xinit ubuntu-desktop (this takes a while)
- startx
- Press Ctrl+Alt+T to get a terminal. Type: rm -rf ~/.config
- We will also be using Wireshark, a packet analyser, in the project. It is installed in the VM by default. Please update it to the latest version. If you cannot find it, download the latest version of Wireshark from here: Wireshark
- Download the Modbus tk library from Modbus tk. Go through the examples on the same GitHub page; they are very helpful.
- Here is some other useful documentation on the Modbus protocol: link 1; link 2; link 3.
Introduction
In the previous project, we learned how to read, write and modify a Ladder Logic program. This is a very important skill for an attacker trying to compromise an ICS network through its PLCs. But before you can do that, you need knowledge of the network, such as the number of nodes communicating, the processes they are running, etc. Then you can send malicious commands using the same protocol and cause severe sabotage. Since most ICS protocols communicate in plain text, it is very easy to launch attacks on these systems. As the first step, an attacker performs reconnaissance on the network by collecting and analyzing the network traffic.
Part 1
Download the modbus capture.pcapng file from Canvas. This file contains communication between several devices running the Modbus protocol. Assume there is a reactor within a reactor chamber. The target process is to control the reactor temperature and maintain it around 100 C. There are two valves connected to the reactor chamber: one valve fills the reactor chamber and the other drains it. There is a master device. The master toggles coils on a PLC to simulate the opening or closing of one of the two valves in order to regulate the temperature. The master also randomly writes a set point on the PLC; this set point write indicates that the master is tweaking the reactor temperature to optimize the reactor's functioning. Note that there might be other unknown sensors in the process and in the pcap file. Use Wireshark to analyze the given pcap file and answer the following questions:
1. How many different devices can you identify? Mention what role they play in the reactor example described above.
2. How many registers can you identify on each device?
3. What type of registers are being accessed on each device?
4. Which PLC and Modbus reference/register addresses are used to control the temperature set point and the valves?
Briefly state your reasoning behind each answer.
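The device and register inventory that Part 1 asks for can also be built programmatically from the captured traffic, which is how a monitoring tool would baseline a Modbus network and spot unexpected write commands. The following is an added example, not part of the handout or its attachment: it decodes Modbus/TCP request frames (MBAP header plus PDU, as Wireshark's dissector does) and tallies, per destination IP and unit ID, the function codes and addresses touched, listing every write separately. The IP addresses and frames are constructed sample data, not taken from modbus capture.pcapng.

```python
import struct
from collections import defaultdict

# Request function codes -> (name, is_write). Each of these request PDUs starts
# with a 16-bit address followed by a 16-bit value (writes) or quantity (reads).
FUNCTIONS = {
    1: ("Read Coils", False), 2: ("Read Discrete Inputs", False),
    3: ("Read Holding Registers", False), 4: ("Read Input Registers", False),
    5: ("Write Single Coil", True), 6: ("Write Single Register", True),
    15: ("Write Multiple Coils", True), 16: ("Write Multiple Registers", True),
}

def parse_request(payload: bytes) -> dict:
    """Decode one Modbus/TCP request: 7-byte MBAP header, then the PDU."""
    if len(payload) < 12:
        raise ValueError("frame too short for MBAP header + address/value")
    _tid, proto, length, unit, fc = struct.unpack(">HHHBB", payload[:8])
    if proto != 0 or length != len(payload) - 6:
        raise ValueError("not a well-formed Modbus/TCP frame")
    if fc not in FUNCTIONS:
        raise ValueError(f"function code {fc} not handled here")
    name, is_write = FUNCTIONS[fc]
    address, arg = struct.unpack(">HH", payload[8:12])
    req = {"unit": unit, "fc": fc, "name": name, "write": is_write,
           "address": address, "arg": arg}
    if fc == 16:  # register values follow a 1-byte byte count at offset 12
        req["values"] = list(struct.unpack(f">{arg}H", payload[13:13 + 2 * arg]))
    return req

def inventory(frames):
    """frames: (src_ip, dst_ip, tcp_payload) tuples for requests to port 502.
    Returns (devices, writes): (dst_ip, unit) -> {(function, address)}, and writes."""
    devices, writes = defaultdict(set), []
    for src, dst, payload in frames:
        req = parse_request(payload)
        devices[(dst, req["unit"])].add((req["name"], req["address"]))
        if req["write"]:
            writes.append((dst, req["unit"], req["address"],
                           req.get("values", req["arg"])))
    return dict(devices), writes

# Constructed sample traffic: one master (10.0.0.1) and one PLC (10.0.0.2).
SAMPLE = [
    ("10.0.0.1", "10.0.0.2", bytes.fromhex("000100000006010300000002")),  # unit 1: read 2 holding regs @0
    ("10.0.0.1", "10.0.0.2", bytes.fromhex("000200000006010600000064")),  # unit 1: reg 0 := 100
    ("10.0.0.1", "10.0.0.2", bytes.fromhex("00030000000601050001FF00")),  # unit 1: coil 1 := ON
    ("10.0.0.1", "10.0.0.2", bytes.fromhex("0004000000060204000A0001")),  # unit 2: read input reg 10
    ("10.0.0.1", "10.0.0.2", bytes.fromhex("00050000000B0110000000020403E80000")),  # unit 1: regs 0,1 := 1000, 0
]
```

Calling inventory(SAMPLE) yields two units behind 10.0.0.2 (the PLC with the set point register and valve coil, and a second unit that only serves input registers, like the extra sensors the handout mentions) plus the ordered list of writes; comparing that list against a baseline of expected addresses and value ranges is the check that would catch the Part 2 sabotage writes.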
Part 2
Now that you have understood and identified the different devices and registers from the pcap file, recreate the setup you saw in Part 1 using run simulation.py. Modify the Modbus master (tcp master.py) to set the temperature really high and close both valves, attempting to cause an explosion. Pseudocode for the master and the slave is provided in tcp master.py and tcp slave.py, respectively. Use Wireshark to capture the traffic between the master and the slaves and submit the pcap (name it Part2.pcap).
State and briefly explain your assumptions and reasoning. Note that you should create the network exactly as in Part 1; however, you do not need to simulate sensor readings. Simulating the malicious write commands is sufficient to receive full credit for this part.
Attachment: mini project.rar