
OPC UA protocol #82

Open
glaslos opened this issue Sep 26, 2013 · 8 comments
Comments

@glaslos
Member

glaslos commented Sep 26, 2013

OPC UA seems interesting as it allows file transfer: http://en.wikipedia.org/wiki/OPC_Unified_Architecture

http://opycua.sourceforge.net/tutorial/hello.html
http://sourceforge.net/p/opycua/code/ci/default/tree/

@Sp3ctr3
Contributor

Sp3ctr3 commented Nov 10, 2013

From what I understand, to implement OPC UA we need to:

  1. Create an OPC UA server in Python.
  2. Start it along with the http, snmp, modbus and s7 servers and add it to gevent.
  3. Log all incoming connections (just the IP or the data too?)

Am I missing anything? I'm thinking of creating a separate directory for it like the other protocols.

@creolis
Member

creolis commented Nov 10, 2013

  1. Implement unit tests ... this is what I try to get away without - but Lukas is a man with eagle eyes :P
  2. Extend the manual with the necessary configuration directives you added to the configuration XML.

Of course you're right - creating a separate directory for it is the way to go.
For the logging - you just pass the information as requested by the logging module - so all the fields requested by the logging function.

I'm really curious about the OPC UA server :) great having you on board :)

@Sp3ctr3
Contributor

Sp3ctr3 commented Nov 10, 2013

Cool! I'll get started then. So just logging the IP of the attacker would do right? I'm interested too! And it's great to be involved in this great project!

@creolis
Member

creolis commented Nov 10, 2013

This is how logging is handled in the HTTP module:

    from datetime import datetime
    import logging

    logger = logging.getLogger(__name__)

    # Method of the HTTP handler class; self.server.log_queue is the queue
    # that the logging module drains.
    def log(self, version, request_type, addr, request, response=None):
        # One entry per request: who, when, which service, and the raw request.
        log_dict = {'remote': addr,
                    'timestamp': datetime.utcnow(),
                    'data_type': 'http',
                    'data': {0: {'request': '{0} {1}: {2}'.format(version, request_type, request)}}}

        # If a response was sent back, record it alongside the request.
        if response:
            logger.info('{0} response to {1}: {2}'.format(version, addr, response))
            log_dict['data'][0]['response'] = '{0} response: {1}'.format(version, response)

        self.server.log_queue.put(log_dict)

For each request, the remote address, timestamp, service type and the request itself are collected;
if we send a response to the remote address, we attach the response (in this case the response code) too.

@glaslos
Member Author

glaslos commented Nov 10, 2013

As OPC is used for file transfer, one of the goals would be to store any files in a separate directory and create an md5 entry in the data section of the log entry so we are able to link it back to the attacker.
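The file-handling goal described above, as an added example that is not part of the project or of this thread: it builds a log_dict in the same shape the HTTP module's log() puts on log_queue, stores a received file under a separate directory named by its md5, and records that digest in the data section so the file can be tied back to the remote address. The 'opcua' data_type value, the storage layout and the sample address are assumptions.

```python
import hashlib
import os
import tempfile
from datetime import datetime

def store_transferred_file(payload, storage_dir):
    """Write a received file body into storage_dir, named by its md5.

    Returns (md5_hexdigest, path). Naming by digest means repeated uploads of
    the same content collapse to one file, and the log entry can refer to it.
    """
    digest = hashlib.md5(payload).hexdigest()
    os.makedirs(storage_dir, exist_ok=True)
    path = os.path.join(storage_dir, digest)
    if not os.path.exists(path):
        with open(path, 'wb') as fh:
            fh.write(payload)
    return digest, path

def build_opcua_log_entry(addr, request, response=None, payload=None, storage_dir=None):
    """Build a log_dict in the shape the HTTP module puts on log_queue.

    'opcua' as data_type is an assumption for the new module; an optional
    payload is stored on disk and linked to the remote address via its md5.
    """
    log_dict = {'remote': addr,
                'timestamp': datetime.utcnow(),  # mirrors the HTTP module
                'data_type': 'opcua',
                'data': {0: {'request': request}}}
    if response is not None:
        log_dict['data'][0]['response'] = response
    if payload is not None:
        digest, path = store_transferred_file(payload, storage_dir)
        log_dict['data'][0]['file_md5'] = digest
        log_dict['data'][0]['file_path'] = path
    return log_dict

def demo_entry(payload=b'abc'):
    """Run the flow once against a fresh temporary storage directory."""
    storage_dir = tempfile.mkdtemp(prefix='opcua_uploads_')
    # Constructed sample: a TEST-NET address and OPC UA's registered port 4840.
    return build_opcua_log_entry(('203.0.113.5', 4840), 'OPC UA file write',
                                 payload=payload, storage_dir=storage_dir)

if __name__ == '__main__':
    print(demo_entry()['data'][0]['file_md5'])
```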

@glaslos
Member Author

glaslos commented Jun 24, 2014

This seems interesting: http://www.f-secure.com/weblog/archives/00002718.html This sample looks for OPC devices.

@glaslos
Member Author

glaslos commented Oct 16, 2014

This seems to be a good starting point: http://openopc.sourceforge.net/api.html

@glaslos
Member Author

glaslos commented Sep 10, 2015

OPC simulator: http://www.gray-box.net/download_graysim.php

@glaslos glaslos modified the milestone: 0.6.0 Nov 11, 2015
@glaslos glaslos removed this from the 0.6.0 milestone Nov 7, 2016