Shorter than a Starbucks Latte Order

Posted in Physical Security Infrastructure, Shouldn't Be Vulnerable on November 30th, 2011 by Rodney

We encountered a security video camera failure recently. Check your computer, this post really is being written in 2011. They parked me at an empty table with a test network and a sample of the failing device. Not knowing how to connect to it, I figured a small bit of network investigation was in order. NMAP, the universal source of network knowledge, was invoked. Nothing fancy, mind you. “nmap -sT” and “nmap -sU” are all I ever do. Keep it simple, let the NMAP elves guide me through what ports and protocols to exercise.

The camera crashed. The security video camera crashed with “nmap -sU”. Not some ninja-cool xml-encoded command line exploit magic. Just the vanilla set of UDP ports. Locked up the device, had to power cycle it.

Come on, folks, this is 2011. Crashing due to weird network input is certainly a problem we all have to worry about, but the nmap command to kill your device should be longer than the average Starbucks latte order.

Could I have a tall dry no-fat decaf udp port scan, followed by a sysDescr.0 SNMP query and response, please?

..and the AMI gear is on the same switch as…

Posted in Physical Security Infrastructure on November 21st, 2011 by Rodney

Nothing new but a decent summary of the state of cyber-security in the Energy space. No, it’s not just another replay of the “AMI is Hot this week, SCADA was Hot last week” NERC/CIP rant.

Remember, for every substation with AMI head-end gear, there’s some ill-secured SCADA gear, debatably hiding behind its not-really-obscure RS-232 cabling. And next to it, if they have an access control system, will be the network drop for the badge readers for the gate.

All on the same unmanaged switch, of course.