File name:
工业集散控制系统的脆弱性分析 - 看雪峰会2019.pdf
Development tool:
File size: 1mb
Downloads: 0
Upload time: 2019-07-21
Description: Vulnerability Analysis of Industrial Distributed Control Systems - Kanxue (看雪) Summit 2019
2019 Security Development Conference
Introduction to traditional DCS systems
[Figure: layered DCS architecture diagram. Recoverable labels: Plant Asset Management, Remote Operations, Multivariable Control and Optimization, Video as a Process Sensor, Plant Simulation, Video Ethernet, Supervisory Control Network, Web-based Human Interface, Database Historian, ACE, Operator Console, Precision Measurement and Control, Local Control Network, Basic Controller, Process Manager.]
On-site test system configuration list
1. 2 Cisco 2960 Layer 2 switches
2. 2 DCS controllers
3. 2 servers (Windows Server 2003)
4. 4 clients (Windows XP SP3)
5. 1 Kali2008
DCS network architecture diagram
[Figure: network diagram. Recoverable labels: Client (four), Server (two), C2960-24X, Hacker, Redundant Controller.]
Ethernet network mechanism
[Figure: redundant Ethernet communication stack between Node 1 and Node 2. Recoverable labels: Config Tool, User Interface, System Management MMC Plug-in, WinSock2, User Mode, Kernel Mode, TCP/UDP, Transport, Protocol, Intermediate Driver, NDIS, Miniport Driver A, Miniport Driver B, NIC, Switch (SWA, SWB), Channel A, Channel B, Ethernet frame, Control flow, Data flow.]
[Table: per-device path status with columns Device Index, A→A, A→B, B→A, B→B, Num Interfaces, Interval, Dup State. Visible rows show OK or N/A per path, Interval 1000, and Dup State "No Duplicates". A second table has columns Sending Channel, Receiving Channel, Channel Path, Path Status, with a legend that distinguishes a healthy channel from a broken channel.]
DCS system vulnerabilities - network layer
Try Googling the vendor's default network switch configuration.
Cisco 2960 Layer 2 switch
Multipath communication and redundancy are supported through the MSTP protocol.
Revision 03/12
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree mst hello-time 1
DCS system vulnerabilities - network layer
An STP BPDU attack can be used to make the network oscillate.
[Figure: STP topology calculation. Recoverable labels: Root Bridge, Device B, Priority=0, Priority=1, Priority=2, Port A1, Port A2, Port B2, Port C1, Port C2, Path cost=4; port states Disabled, Listening, Learning, Forwarding, Blocking; legend: root port, designated port, blocked port.]
[Figure: Yersinia "Choose protocol attack" dialog with protocol tabs CDP, DHCP, 802.1Q, 802.1, DTP, HSRP, ISL, MPLS, STP, VTP. The STP tab lists: sending conf BPDU, sending tcn BPDU, sending conf BPDUs, sending tcn BPDUs, Claiming Root Role, Claiming Other Role, Claiming Root Role with MiTM.]
[Figure: Spanning Tree Protocol frame shown in Yersinia. Source MAC 0A:23:16:02:FF:08, Destination MAC 01:80:C2:00:00:00, RootId 5080.760F0E14AC58, Pathcost 00000000, BridgeId CB09.E7CD90117CAA, Port 8002, Age 0000, Max 0014, Hello 0002, Fwd 000F.]
DCS system vulnerabilities - network layer
Attempting the CVE-2018-0171 buffer overflow attack
[Figure: message layout: Header (16 bytes) + TLV_1 (224 bytes) + TLV_2 (2048 bytes). Header fields: Msg_from, Version, Msg_hdr_type, Data_length; TLV fields: Type, Length, Values. Data_length is shown as 0x000000d8 (216 bytes). The slide also contains a disassembly screenshot with a truncated "Stack-based" annotation; its remaining text is not recoverable.]
(Automatically generated by the system; you can review the download contents before downloading.)