OT 110: DNP3 (15 pts)

What You Need

Purpose and Background

DNP3 is a newer protocol than Modbus with more features. It was developed in 1993. See Modbus, DNP3 and HART for more information.

DNP3 Insecurity

Like Modbus, DNP3 has no encryption or authentication. This means that anyone with access to the DNP3 network can perform any desired read or write operations. Security must be provided externally, by limiting access to the DNP3 network with a VPN concentrator or other device providing a security barrier.
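What the missing authentication looks like on the wire, as an added example (not part of the original lab or of OpenPLC): a Python parser for one DNP3 link-layer frame. The sample frame and its addresses (master 1, outstation 10) are constructed for illustration.

```python
import struct

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0xA6BC, init 0, result inverted."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

FUNCTIONS = {0x01: "READ", 0x02: "WRITE", 0x81: "RESPONSE",
             0x82: "UNSOLICITED_RESPONSE"}

def parse_frame(frame: bytes) -> dict:
    """Decode one DNP3 link-layer frame; raise ValueError if malformed."""
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        raise ValueError("not a DNP3 frame")
    length, control, dest, src, hcrc = struct.unpack("<BBHHH", frame[2:10])
    if length < 5 or hcrc != crc16_dnp(frame[:8]):
        raise ValueError("bad header")
    user, body = b"", frame[10:]
    while len(user) < length - 5:      # user data: 16-byte blocks, each + CRC
        n = min(16, length - 5 - len(user))
        block, crc = body[:n], body[n:n + 2]
        if len(block) < n or crc != struct.pack("<H", crc16_dnp(block)):
            raise ValueError("bad data block")
        user, body = user + block, body[n + 2:]
    # Every field below is self-declared by the sender. The CRCs are unkeyed
    # checksums: they catch line noise, they do not prove who sent the frame.
    info = {"dest": dest, "src": src, "from_master": bool(control & 0x80),
            "link_fc": control & 0x0F, "function": None}
    if len(user) >= 3 and user[0] & 0x40:   # transport FIR: fragment starts here
        info["function"] = FUNCTIONS.get(user[2], hex(user[2]))
    return info

def _with_crc(block: bytes) -> bytes:
    return block + struct.pack("<H", crc16_dnp(block))

# Constructed sample (not captured traffic): outstation 10 sends master 1 an
# empty RESPONSE. Link header block, then one user-data block.
SAMPLE = (_with_crc(b"\x05\x64\x0a\x44" + struct.pack("<HH", 1, 10))
          + _with_crc(b"\xc0\xc0\x81\x00\x00"))

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
```

The whole frame decodes without any key or secret, which is why the network barrier described above is the only access control.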

Installing OpenPLC Runtime

Your Debian machine should already have OpenPLC runtime. If it doesn't, execute these commands, one at a time:
sudo apt-get install git -y
git clone https://github.com/thiagoralves/OpenPLC_v3.git
cd OpenPLC_v3
./install.sh linux

Starting OpenPLC Runtime

On your Debian machine, in a Terminal or SSH window, execute these commands:
cd
cd OpenPLC_v3
sudo ./start_openplc.sh
OpenPLC starts, and displays various addresses to view the Dashboard, as shown below.

Opening the OpenPLC Dashboard

In a Web browser, go to the last address displayed in your Linux terminal.

Log in with username openplc and password openplc

The Dashboard appears, as shown below.

Starting the PLC

On the lower left, click the "Start PLC" button.

The Runtime Logs show that the DNP3 server is listening on port 20000, as shown below.

Getting the DNP3 Client Master Simulator

On your Windows machine, in a browser, go to
https://sourceforge.net/projects/dnp3-client-master-simulator/files/
Click the Download button.

Save the DNP3 Protocol.zip file in your Downloads folder.

Open Windows Explorer and open your Downloads folder.

Right-click the "DNP3 Protocol.zip" file and click "Extract All...". Click Extract.

Double-click the "DNP3 Protocol" folder to open it.

Double-click the Simulator folder to open it.

Right-click the DNPClientSimulator.zip file and click "Extract All...". Click Extract.

Right-click the DNPClientSimulator.exe file and click Properties.

If the Security section at the bottom says "This file came from another computer...", click Unblock. Click OK.

Double-click the DNPClientSimulator.exe file.

Install the software with the default options.

"DNP Client Simulator" opens, as shown below.

At the top left, click the "Add Client" button.

Make these changes, as shown below.

At the top center, click the Data_Objects_1 tab.

Click the "Start Communication" button.

The screen fills with many lines of data, as shown below.

Installing Wireshark

Your Windows system should already have Wireshark installed. If it does not, get it from:
https://www.wireshark.org/
Launch Wireshark.

Double-click the adapter that goes to the Internet, which was Ethernet1 on my system, outlined in red in the image below.

Flag OT 110.1: Response (15 pts)

Wireshark shows DNP Read and Response packets, as shown below.

In the top pane, click a Response packet.

In the Details pane, expand the "Distributed Network Protocol 3.0" container.

The flag is covered by a green rectangle in the image below.

Posted 12-28-23