Method for quickly identifying networked industrial control device

Abstract

The invention discloses a method for quickly identifying a networked industrial control device. The method is characterized by comprising a pre-scanning stage and an industrial control device identification stage, wherein the pre-scanning stage comprises: uniformly allocating scanning tasks by using a distributed scanning mechanism, splitting a specified IP address segment, judging whether an IP host and a port survive by using a TCP stateless detector, and storing IP addresses of the survival IP host and the survival port in an IP buffer pool identified by the device, and the industrial control device identification stage comprises: obtaining the survival IP host and the port from the IP buffer pool, establishing a complete TCP connection, sending a specific industrial control protocol identification data packet of the port, waiting for the response of a server, returning a data packet by the networked industrial control device, analyzing the data packet, and matching the data packet with a fingerprint library of the industrial control device. According to the method disclosed by the invention, the distributed scanning technology is imported, segmented scanning is carried out by fully using scanning nodes, the resources of a computer are saved, the scanning efficiency is greatly improved, and meanwhile the survivability of the IP host and the industrial control port are clarified before the industrial control device is identified, thereby shortening the response delay time caused by the non-survival of the port.

Description

technical field [0001] The invention relates to the field of identification of networked industrial control equipment, in particular to a method for quickly identifying networked industrial control equipment. Background technique [0002] With the development of information technology and intelligent manufacturing technology, more and more industrial control equipment or systems of various industrial control manufacturers such as Siemens, ABB, Advantech, etc. are exposed in the cyberspace of the Internet, and are easily exploited by hackers. attack with serious consequences. In order to quickly search and monitor the industrial control equipment or systems connected to the Internet, and grasp the type, scale and geographical distribution of the equipment, it is urgent to use related technologies to identify networked industrial control systems or equipment. Since the networked industrial control equipment and systems have their corresponding specific attributes on the netwo...

AI Technical Summary

Problems solved by technology

[0003] In the prior art, IP and port are used to directly perform TCP three-way handshake connection. If successful, the industrial control device fingerprint detection data packet will be sent, and if it fails, it will enter the next IP+port device detection, resulting in TIMEOUT( Timeout) time is too long, and at the same time, there is no complete industrial control equipment fingerprint library, which leads to the inability to quickly and accurately identify the type and model of industrial control equipment, etc.

Images