프로토콜 정보

EtherNet/IP는 산업 자동화 제어 시스템에서 일반적으로 사용되는 산업용 이더넷 네트워킹 프로토콜입니다. 이 프로토콜은 1990년대 후반에 Rockwell Automation에서 개발되었으며 ODVA에서 관리됩니다. 이 프로토콜은 다중 공급업체 시스템 상호 운용성을 보장하며 수처리 공장, 제조 시설, 공공 시설 등 다양한 응용 분야에서 사용됩니다. EtherNet/IP 장치를 식별하기 위해 TCP/44818로 Identities Message (0x63) 목록을 보냅니다.

기본 포트: 44818 UDP/TCP

PORT      STATE SERVICE
44818/tcp open  EtherNet/IP

열거

Ethernet/IP

Ethernet/IP는 산업 자동화 시스템에서 널리 사용되는 통신 프로토콜입니다. 이 프로토콜은 TCP/IP를 기반으로 하며, 기계 간 통신을 위해 사용됩니다. Ethernet/IP는 CIP(Common Industrial Protocol)를 사용하여 데이터를 교환하며, 다양한 서비스와 기능을 제공합니다.

Enumeration Techniques

1. ARP Scanning

ARP 스캐닝은 Ethernet/IP 네트워크에서 사용 가능한 호스트를 식별하는 데 사용됩니다. ARP 스캐닝은 네트워크 상의 모든 호스트에 ARP 요청을 보내고, 응답을 통해 호스트의 IP 주소를 확인합니다.

2. CIP Services

Ethernet/IP는 CIP를 사용하여 데이터를 교환합니다. 따라서 CIP 서비스를 열거하여 시스템의 정보를 수집할 수 있습니다. 일반적으로 사용되는 CIP 서비스에는 다음과 같은 것들이 있습니다.

• Get Attribute Single (0x0E)

• Get Attribute All (0x01)

• Get Attribute List (0x55)

• Get Member (0x4C)

• Get Member List (0x4D)

• Get Instance Attribute List (0x56)

• Get Class Attribute List (0x57)

• Get Connection List (0x5A)

• Get Connection Owner (0x5B)

• Get Connection Size (0x5C)

• Get Connection Type (0x5D)

• Get Connection Status (0x5E)

• Get Connection Path (0x5F)

• Get Connection Target (0x60)

• Get Connection In Use (0x61)

• Get Connection Data (0x62)

• Get Connection Data Rate (0x63)

• Get Connection Priority (0x64)

• Get Connection Time (0x65)

• Get Connection Control (0x66)

• Get Connection Mode (0x67)

• Get Connection Sequence (0x68)

• Get Connection Acknowledge (0x69)

• Get Connection Error (0x6A)

• Get Connection Error Code (0x6B)

• Get Connection Error Info (0x6C)

• Get Connection Error Path (0x6D)

• Get Connection Error Object (0x6E)

• Get Connection Error Connection (0x6F)

• Get Connection Error Service (0x70)

• Get Connection Error Class (0x71)

• Get Connection Error Instance (0x72)

• Get Connection Error Attribute (0x73)

• Get Connection Error Member (0x74)

• Get Connection Error Code 1 (0x75)

• Get Connection Error Code 2 (0x76)

• Get Connection Error Code 3 (0x77)

• Get Connection Error Code 4 (0x78)

• Get Connection Error Code 5 (0x79)

• Get Connection Error Code 6 (0x7A)

• Get Connection Error Code 7 (0x7B)

• Get Connection Error Code 8 (0x7C)

• Get Connection Error Code 9 (0x7D)

• Get Connection Error Code 10 (0x7E)

• Get Connection Error Code 11 (0x7F)

• Get Connection Error Code 12 (0x80)

• Get Connection Error Code 13 (0x81)

• Get Connection Error Code 14 (0x82)

• Get Connection Error Code 15 (0x83)

• Get Connection Error Code 16 (0x84)

• Get Connection Error Code 17 (0x85)

• Get Connection Error Code 18 (0x86)

• Get Connection Error Code 19 (0x87)

• Get Connection Error Code 20 (0x88)

• Get Connection Error Code 21 (0x89)

• Get Connection Error Code 22 (0x8A)

• Get Connection Error Code 23 (0x8B)

• Get Connection Error Code 24 (0x8C)

• Get Connection Error Code 25 (0x8D)

• Get Connection Error Code 26 (0x8E)

• Get Connection Error Code 27 (0x8F)

• Get Connection Error Code 28 (0x90)

• Get Connection Error Code 29 (0x91)

• Get Connection Error Code 30 (0x92)

• Get Connection Error Code 31 (0x93)

• Get Connection Error Code 32 (0x94)

• Get Connection Error Code 33 (0x95)

• Get Connection Error Code 34 (0x96)

• Get Connection Error Code 35 (0x97)

• Get Connection Error Code 36 (0x98)

• Get Connection Error Code 37 (0x99)

• Get Connection Error Code 38 (0x9A)

• Get Connection Error Code 39 (0x9B)

• Get Connection Error Code 40 (0x9C)

• Get Connection Error Code 41 (0x9D)

• Get Connection Error Code 42 (0x9E)

• Get Connection Error Code 43 (0x9F)

• Get Connection Error Code 44 (0xA0)

• Get Connection Error Code 45 (0xA1)

• Get Connection Error Code 46 (0xA2)

• Get Connection Error Code 47 (0xA3)

• Get Connection Error Code 48 (0xA4)

• Get Connection Error Code 49 (0xA5)

• Get Connection Error Code 50 (0xA6)

• Get Connection Error Code 51 (0xA7)

• Get Connection Error Code 52 (0xA8)

• Get Connection Error Code 53 (0xA9)

• Get Connection Error Code 54 (0xAA)

• Get Connection Error Code 55 (0xAB)

• Get Connection Error Code 56 (0xAC)

• Get Connection Error Code 57 (0xAD)

• Get Connection Error Code 58 (0xAE)

• Get Connection Error Code 59 (0xAF)

• Get Connection Error Code 60 (0xB0)

• Get Connection Error Code 61 (0xB1)

• Get Connection Error Code 62 (0xB2)

• Get Connection Error Code 63 (0xB3)

• Get Connection Error Code 64 (0xB4)

• Get Connection Error Code 65 (0xB5)

• Get Connection Error Code 66 (0xB6)

• Get Connection Error Code 67 (0xB7)

• Get Connection Error Code 68 (0xB8)

• Get Connection Error Code 69 (0xB9)

• Get Connection Error Code 70 (0xBA)

• Get Connection Error Code 71 (0xBB)

• Get Connection Error Code 72 (0xBC)

• Get Connection Error Code 73 (0xBD)

• Get Connection Error Code 74 (0xBE)

• Get Connection Error Code 75 (0xBF)

• Get Connection Error Code 76 (0xC0)

• Get Connection Error Code 77 (0xC1)

• Get Connection Error Code 78 (0xC2)

• Get Connection Error Code 79 (0xC3)

• Get Connection Error Code 80 (0xC4)

• Get Connection Error Code 81 (0xC5)

• Get Connection Error Code 82 (0xC6)

• Get Connection Error Code 83 (0xC7)

• Get Connection Error Code 84 (0xC8)

• Get Connection Error Code 85 (0xC9)

• Get Connection Error Code 86 (0xCA)

• Get Connection Error Code 87 (0xCB)

• Get Connection Error Code 88 (0xCC)

• Get Connection Error Code 89 (0xCD)

• Get Connection Error Code 90 (0xCE)

• Get Connection Error Code 91 (0xCF)

• Get Connection Error Code 92 (0xD0)

• Get Connection Error Code 93 (0xD1)

• Get Connection Error Code 94 (0xD2)

• Get Connection Error Code 95 (0xD3)

• Get Connection Error Code 96 (0xD4)

• Get Connection Error Code 97 (0xD5)

• Get Connection Error Code 98 (0xD6)

• Get Connection Error Code 99 (0xD7)

• Get Connection Error Code 100 (0xD8)

• Get Connection Error Code 101 (0xD9)

• Get Connection Error Code 102 (0xDA)

• Get Connection Error Code 103 (0xDB)

• Get Connection Error Code 104 (0xDC)

• Get Connection Error Code 105 (0xDD)

• Get Connection Error Code 106 (0xDE)

• Get Connection Error Code 107 (0xDF)

• Get Connection Error Code 108 (0xE0)

• Get Connection Error Code 109 (0xE1)

• Get Connection Error Code 110 (0xE2)

• Get Connection Error Code 111 (0xE3)

• Get Connection Error Code 112 (0xE4)

• Get Connection Error Code 113 (0xE5)

• Get Connection Error Code 114 (0xE6)

• Get Connection Error Code 115 (0xE7)

• Get Connection Error Code 116 (0xE8)

• Get Connection Error Code 117 (0xE9)

• Get Connection Error Code 118 (0xEA)

• Get Connection Error Code 119 (0xEB)

• Get Connection Error Code 120 (0xEC)

• Get Connection Error Code 121 (0xED)

• Get Connection Error Code 122 (0xEE)

• Get Connection Error Code 123 (0xEF)

• Get Connection Error Code 124 (0xF0)

• Get Connection Error Code 125 (0xF1)

• Get Connection Error Code 126 (0xF2)

• Get Connection Error Code 127 (0xF3)

• Get Connection Error Code 128 (0xF4)

• Get Connection Error Code 129 (0xF5)

• Get Connection Error Code 130 (0xF6)

• Get Connection Error Code 131 (0xF7)

• Get Connection Error Code 132 (0xF8)

• Get Connection Error Code 133 (0xF9)

• Get Connection Error Code 134 (0xFA)

• Get Connection Error Code 135 (0xFB)

• Get Connection Error Code 136 (0xFC)

• Get Connection Error Code 137 (0xFD)

• Get Connection Error Code 138 (0xFE)

• Get Connection Error Code 139 (0xFF)

3. CIP Object Model

CIP 객체 모델은 Ethernet/IP 네트워크에서 사용되는 객체의 계층 구조를 설명합니다. CIP 객체 모델을 분석하여 시스템의 구성 요소와 관련된 정보를 파악할 수 있습니다.

4. CIP Class Codes

CIP 클래스 코드는 Ethernet/IP 네트워크에서 사용되는 클래스의 식별자입니다. CIP 클래스 코드를 분석하여 시스템의 클래스와 관련된 정보를 수집할 수 있습니다.

5. CIP Instance Codes

CIP 인스턴스 코드는 Ethernet/IP 네트워크에서 사용되는 인스턴스의 식별자입니다. CIP 인스턴스 코드를 분석하여 시스템의 인스턴스와 관련된 정보를 수집할 수 있습니다.

6. CIP Attribute Codes

CIP 속성 코드는 Ethernet/IP 네트워크에서 사용되는 속성의 식별자입니다. CIP 속성 코드를 분석하여 시스템의 속성과 관련된 정보를 수집할 수 있습니다.

References

• https://en.wikipedia.org/wiki/EtherNet/IP

• https://www.ethernet-ip.org/

nmap -n -sV --script enip-info -p 44818 <IP>
pip3 install cpppo
python3 -m cpppo.server.enip.list_services [--udp] [--broadcast] --list-identity -a <IP>

Shodan

• port:44818 "제품 이름"