Finding SCADA honeypots on Shodan

I’ve come across a super secret stash of SCADA…

(and no, it’s not Eireann Leverett — that’s the other kind of ‘stache)!

It is the Internet connected SCADA honeypots. Head over to Shodan and you will see 58 results for “Mouser Factory”, which is a known default in the Conpot ICS honeypot.

mouser

You will also find 68 results for “Water valve control #27” — all hosted on Amazon.

Valve 27

Further investigation of these shows a certificate belonging to “US Government”, with a common name of “watercontrol.fortmeade.gov”, valid starting November 6, 2014:

certificate

Lesson: if you are looking for very valid results from Internet-connected ICS/SCADA honeypots research, you’ve got to blend in a little better!