Undergraduate Honors Thesis

Abstract

• Internet connectivity has facilitated a more convenient and efficient way of managing critical infrastructure such as power plants, electrical grids, factory floors, gas meters, and more. Concurrently, internet connectivity of industrial control systems (ICS) that manage critical infrastructure broadens attack vectors for cyber attacks. Honeypots designed to emulate ICS are a valuable tool used to detect and gather information on cyber attacks directed at degrading critical infrastructure, although honeypots are far less useful to security professionals and researchers if they can be correctly identified as a honeypot by attackers. This study originally aimed to investigate the popular ICS honeypot Conpot and the signatures/heuristics that makes Conpot discoverable by automated detection mechanisms. However, repeated freezing exhibited by Conpot prompted the study to shift towards investigating a possible vulnerability within Conpot. This study demonstrates that Conpot can be frozen at will by conducting an Nmap version scan over port TCP 502, preventing Conpot from carrying out its intended function of collecting attack intelligence. Further evaluation is needed to determine the cause of the potential vulnerability and how widespread it could be.

Creator

• Mousaw, Clark

Date Awarded

• 2021-04-09

Academic Affiliation

• Information Science

Advisor

• Barker, Lecia Jane

Committee Member

• Voida, Stephen A
• Hansen, Aaron

Granting Institution

• University of Colorado Boulder

Last Modified

• 2021-05-14

Resource Type

• Undergraduate Honors Thesis

Rights Statement

• In Copyright

Language

• English [eng]

Relationships

In Collection:

• College of Media, Communication & Information Honors Theses

Items

Thumbnail	Title	Date Uploaded	Visibility	Actions
	Discoverability_of_ICS_Honeypots-_Clark_Mousaw.docx	2021-04-15	Public	Download