IT-specialist Lukas Rist developed the Conpot honeypot to lure hackers targeting the critical infrastructure systems.
Conpot detects cybercriminals scanning IP addresses for SCADA systems and then tracking their activities. The honeypot simulates a Siemens SIMATIC S7-200 programmable logic controller that is connected to the internet via a CP 443-1 I/O module. Conpot supports two network protocols Modbus and SNMP, which are used by SCADA-systems.
Conpot is also compatible with HMI (human-machine interface) solutions, graphical user interfaces used to manage the control systems.
“The main goal is to make this kind of technology available for a general audience,” said Lukas Rist. “Not just for security researchers, but also people who are system administrators setting up ICS systems who have no clue what could happen and want to see malware attacks against their systems and not put them in any danger.”