工业集散控制系统的脆弱性分析 - 看雪峰会2019.pdf工业集散控制系统的脆弱性分析 - 看雪峰会

文件名称: 工业集散控制系统的脆弱性分析 - 看雪峰会2019.pdf

所属分类: 其它

开发工具:

文件大小: 1mb

下载次数: 0

上传时间: 2019-07-21

提供者: anxia******

下载 (1mb)

不能下载？报告错误

详细说明：工业集散控制系统的脆弱性分析 - 看雪峰会2019...........己019夏全开反音喔 2019 Security Development Conference 传统DCS系统介绍 Plant Asset Management Remote Operations Multivariable Control and Optimization Video as a Process Sensor Plant Simulation Video Ethernet Supervisory Control Network Integrated Web-based Human Interface Redundant Global Precision Measurement and Control Supervisory Control Database Historian ACE Ergonomic Operator Consol Local Control Network Basic Controller Redundant And/ Or Process Manager Remote 己019夏全开反音喔现场检测系统配置列表 2019 Security Development Conference 1、2台思科29602层交换机 2、2台DCS的控制器 3、2台 Server( windows server2003) 4、4台 Client( Windows Xp sp3) 5、1台Kali2008 己019夏全开反音喔 DCS网络架构图 2019 Security Development Conference Client Client Servel Server Client Client C2960-24X Hacker BB Reduntant Controller 己019夏全开反音喔 Ethernet网络机制 2019 Security Development Conference (Intermediate Driver) Config Tool User Interface Pd a Device IndexA→AA→BB>AB→B| Num Interfaces Interval Dup State System Managemet MMC Plug-in 59 OK OKOKOK 1000 No Duplicates winSock2 User mode OK OKOKOK 1000 No Duplicates Kernel Mode TCP/ UDP OK N/A N/A 1000 No Duplicates Transport Dover OKOK N/A N/A 1000 No Duplicates protoco/ Eanenet frame 舰舰 0000 OKOK N/A N/A 1000 No Duplicates OK OK N/A N/A 1000 No Duplicates Emmet frame n NIC Switch Intermediate Manager Node 1 Driver Vrus Vine DerA Driver B Ethernet Software Sending Channel Receiving Channel Channel Path Path Status Enema! trame Channel A Channel a NDIS SWA SWB Channel B Channel b 2 0 E:nene: frame Control flow Miniport Channel B Channela moor Data flow Driver A Driver B Channela Channel b 4 0 A B\ Ethemet frame = channel is health Node 2 0== channel is broken 己019夏全开反音喔 DCS系统的脆弱性-网络层 2019 Security Development Conference 尝试 Google 厂商网络交换机默认配置雨目 I Revision 03/12 思科29602层交换机 no service pad service tcp-keepalives-in service tcp-keepalives-out 通过MSTP协议支持 service timestamps debug uptime service timestamps lo g uptime service password-encryption 多路径通讯和冗余 spanning-tree mode ms no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree mst hello-time 1 己019夏全开反音喔 DCS系统的脆弱性-网络层 2019 Security Development Conference 可以采用STP的BPDU的攻击方式产生网络的震荡 Device Di sabled Priority=0 Device Root Port A1 Port A2 Bridge STP Topology Calculation Forwarding 3 Blocking Port B Port C1 Path cost=4 Port B2 Port c2 Device B Device Device Device Priority=1 Priority=2 root port Learning Listening o designated port X blocked port 己019夏全开反音喔 DCS系统的脆弱性-网络层 2019 Security Development Conference 可以采用STP的BPDU的攻击方式产生网络的震荡 File Choose protocol attack o1 CDP DHCP 802.1Q 802.1 DTP HSRP ISL MPLS STP VTP ture Edit mode Exit Choose attack Protoc ISL MPLS STP VTP Yersinia log Description CDP O sending conf BPDU ○ sending tcn BPDu 802.sending conf BPDUs 802.1O sending tcn BPDUs DIP O Claiming Root Role O Claiming Other Role HSRP O Claiming root role with MITMC MPLS Cancel OK Field Value Description panning Tree Protocol Source MAC 0A: 23: 16: 02: FF: 08 Destination MAC 01: 80: C2: 00: 00:00 Ver 00 T ype Rooted 5080. 760F0E14AC58 Pathcost 00000000 Bridgeld CB09 E7CD90117CAA Port 8002 Age 0000 Max 0014 Hello 0002 Fwd 00oF 00:59:47 己019夏全开反音喔 DCS系统的脆弱性-网络层 2019 Security Development Conference 尝试CVE-2018-0171缓冲器溢出攻击 Header (16bvtes)+ TLV_1(224bytes) TLV_2(2048bytes) Msg frome Versione Msg_hdr_type Data_length-Ty Length values Datae 0x000000d8 Data+ 0x0000000140×0000000140x000000070×000000d80×00000001 *2048 (Data length)e (216bytesj 81 s data ength a points to e pocket 0-se+lvte ,3:13 osa+tenths rG, CEB.+1 _,.a1)a 9t e pacet 1c14 一是m1r Stack-baeed br丰

(系统自动生成,下载前可以参看下载内容)