Catching hackers with virtual industrial plants
The Conpot honeypot simulates the kind of industrial control system that tends to be used in power plants (SCADA) and it does this in order to bait cyber criminals scanning IP addresses for SCADA systems and then watch over their shoulders.
The Python script simulates a Siemens SIMATIC S7-200 programmable logic controller that has supposedly been carelessly connected to the internet via a CP 443-1 I/O module. Conpot supports Modbus and SNMP, two network protocols that are typically used for SCADA.
According to the developers, Conpot is even compatible with HMI (human-machine interface) solutions, graphical user interfaces used to manage the control systems. An HMI should lead to a larger data volume, in part because the virtual power plant can then potentially even be found from search engines.
The man behind Conpot is Lukas Rist, who is also responsible for Glastopf, a honeypot for web applications.
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
