Script iec-identify

Script types: portrule
Categories: discovery, intrusive

Script Summary

Attempts to identify IEC 60870-5-104 ICS protocol.

After probing with a TESTFR (test frame) message, a STARTDT (start data transfer) message is sent and general interrogation is used to gather the list of information object addresses stored.

Example Usage

nmap -sV --script=iec-identify <target>

Script Output

| iec-identify:
|   ASDU address: 105
|_  Information objects: 30



  • Aleksandr Timorin
  • Daniel Miller

License: Same as Nmap--See