Lately I met 2 non-standard Modbus servers. I wonder if someone here had a similar experience (and I want to share it, possibly to help others).
Case 1:
A small custom-built PLC. No matter what read request it receives, it always sends all the registers (13 or 14 if I remember correctly). To support this behaviour (in combination with our variable-register-size mode), I've added "Dummy Request Mode" to our Modbus driver options.
Case 2:
A control unit by https://www.comap-control.com. It supports "Authentication" for Modbus TCP. It means that the first thing the client has to do after a TCP connection is established is to write a password (up to 16 bytes) to a specific address. Then (if the password is correct) the unit is willing to accept read/write commands. Without a password, it only returns exception codes. To support this behaviour, I've added 3 more parameters - TCP Write Password (the data), TCP Password Address (register address), and TCP Password Function (6 or 16).
While this feature can be turned off on the control unit, it seems useful to make the life of a potential attacker a bit harder.
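The password write described in Case 2, sketched as a Modbus TCP frame builder with a check for the exception reply. This is an added example, not the driver's or the vendor's code; the register address 0x1000, the sample password, and the NUL padding of odd-length passwords are assumptions.

```python
import struct

MAX_PASSWORD_BYTES = 16  # limit stated in the post


def build_password_write(password: bytes, address: int, function: int = 16,
                         transaction_id: int = 1, unit_id: int = 1) -> bytes:
    """Return the Modbus TCP ADU that writes `password` to `address`."""
    if not 0 < len(password) <= MAX_PASSWORD_BYTES:
        raise ValueError("password must be 1..16 bytes")
    # Assumption: an odd-length password is NUL-padded to fill a whole register.
    data = password + b"\x00" * (len(password) % 2)
    if function == 6:
        # Write Single Register carries exactly one 16-bit value.
        if len(data) != 2:
            raise ValueError("function 6 carries only one register (2 bytes)")
        pdu = struct.pack(">BH", 6, address) + data
    elif function == 16:
        # Write Multiple Registers: start address, register count, byte count, data.
        pdu = struct.pack(">BHHB", 16, address, len(data) // 2, len(data)) + data
    else:
        raise ValueError("TCP Password Function must be 6 or 16")
    # MBAP header: transaction id, protocol id 0, length of (unit id + PDU), unit id.
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def is_exception(response: bytes) -> bool:
    """True if the response is a Modbus exception (function code has bit 7 set)."""
    return len(response) >= 9 and bool(response[7] & 0x80)


def password_visible_on_wire(frame: bytes, password: bytes) -> bool:
    """The write is not encrypted: the password bytes appear verbatim in the frame."""
    return password in frame


if __name__ == "__main__":
    PASSWORD = b"secret"   # constructed sample value
    ADDRESS = 0x1000       # hypothetical password register address
    frame = build_password_write(PASSWORD, ADDRESS, function=16)
    print(frame.hex(" "))
    print("cleartext on the wire:", password_visible_on_wire(frame, PASSWORD))
```

Since the password bytes sit unmodified in the frame, anyone who can capture the traffic between client and unit can read them.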