OPC UA protocol #82
Comments
From what I understand, to implement OPC UA we need to:
|
Of course you're right - creating a separate directory for it is the way to go. I'm really curious about the OPC UA server :) great having you on board :) |
Cool! I'll get started then. So just logging the IP of the attacker would do, right? I'm interested too! And it's great to be involved in this great project! |
This is how logging is handled in the HTTP module:

```python
# Method excerpt: expects `datetime` (from the datetime module) and a
# module-level `logger` to be in scope.
def log(self, version, request_type, addr, request, response=None):
    # One entry per request: peer address, time, service type, request text.
    log_dict = {'remote': addr,
                'timestamp': datetime.utcnow(),
                'data_type': 'http',
                'data': {0: {'request': '{0} {1}: {2}'.format(version, request_type, request)}}}
    if response:
        logger.info('{0} response to {1}: {2}'.format(version, addr, response))
        log_dict['data'][0]['response'] = '{0} response: {1}'.format(version, response)
    # Hand the entry to the server's shared log queue.
    self.server.log_queue.put(log_dict)
```

For each request, the remote address, timestamp, service type and the request itself are collected, |
As OPC is used for file transfer, one of the goals would be storing any files to a separate directory and create an md5 entry in the data section of the log entry so we are able to link it back to the attacker. |
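
A sketch of the file-capture logging described above, reusing the `log_dict` layout from the HTTP module. This is an added example, not code from this project or from anyone in the thread; `store_capture`, its arguments, the `'opcua'` label and the `md5` / `new_sample` keys are assumptions.

```python
import hashlib
import os
import queue
import tempfile
from datetime import datetime, timezone


def store_capture(payload, addr, store_dir, log_queue, data_type='opcua'):
    """Save a transferred file under its MD5 and queue a matching log entry.

    Hypothetical helper: the name, arguments and 'opcua' label are assumptions.
    Returns (md5_hex, is_new).
    """
    digest = hashlib.md5(payload).hexdigest()
    os.makedirs(store_dir, mode=0o700, exist_ok=True)
    # File name comes from the digest only, never from a client-supplied
    # name, so a hostile path such as '../../x' cannot leave store_dir.
    path = os.path.join(store_dir, digest)
    try:
        # O_EXCL: a repeated upload of the same bytes is not rewritten.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        is_new = False
    else:
        with os.fdopen(fd, 'wb') as handle:
            handle.write(payload)
        is_new = True
    # Same layout as the HTTP module's log_dict, plus the md5 in 'data'.
    log_dict = {'remote': addr,
                'timestamp': datetime.now(timezone.utc),
                'data_type': data_type,
                'data': {0: {'request': 'file transfer, {0} bytes'.format(len(payload)),
                             'md5': digest,
                             'new_sample': is_new}}}
    log_queue.put(log_dict)
    return digest, is_new


if __name__ == '__main__':
    # Constructed sample input: two peers sending the same bytes.
    events = queue.Queue()
    with tempfile.TemporaryDirectory() as tmp:
        for peer in (('192.0.2.10', 40001), ('192.0.2.77', 40002)):
            print(peer[0], store_capture(b'constructed sample', peer, tmp, events))
```

Because the stored file is named by its digest, every log entry that carries the same `md5` points at one sample on disk, whichever remote address sent it.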
This seems interesting: http://www.f-secure.com/weblog/archives/00002718.html This sample looks for OPC devices. |
This seems to be a good starting point: http://openopc.sourceforge.net/api.html |
OPC simulator: http://www.gray-box.net/download_graysim.php |
OPC UA seems interesting as it allows file transfer: http://en.wikipedia.org/wiki/OPC_Unified_Architecture
http://opycua.sourceforge.net/tutorial/hello.html
http://sourceforge.net/p/opycua/code/ci/default/tree/