[146739] in North American Network Operators' Group
Re: First real-world SCADA attack in US
daemon@ATHENA.MIT.EDU (Leigh Porter)
Mon Nov 21 16:09:33 2011
From: Leigh Porter <leigh.porter@ukbroadband.com>
To: Ryan Pavely <paradox@nac.net>
Date: Mon, 21 Nov 2011 21:09:45 +0000
In-Reply-To: <4ECAB2E9.4070503@nac.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 21 Nov 2011, at 20:23, "Ryan Pavely" <paradox@nac.net> wrote:
> Might I suggest using 127.0.0.2 if you want less spam :P
>=20
> Pretty scary that folks have
> 1. Their scada gear on public networks, not behind vpns and firewalls.
Do people really do that? Just dump a /24 of routable space on a network a=
nd use it?=20
Fifteen years ago perhaps, but now, really? Or are these legacy installati=
ons with Cisco routers that don't do 'ip classless' and that everybody has=
forgotten about?
> 2. Allow their hardware vendor to keep a list of usernames / passwords.
Yeah I can believe this. That's if they bothered changing the passwords at=
all.
> 2b. Obviously don't change these so often. Whens the last time they rea=
lly "called support" and refreshed the password with the hw vendor.... Pro=
bably when they installed the gear... Sheesh..
I am curious now as to what you would find port scanning for port 23 on so=
me space owned by utility companies. Now, I'm not about to do this, but it=
would be interesting.
Does anybody know what really happened here? We're they just using some an=
cient VHF radio link to an unmanned pumping station that somebody hacked w=
ith an old TCM3105 or AM2911 modem chip and a ham radio?
--
Leigh
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
