Review of existing technologies and relevance
Honeyd
Honeyd has facilities for easy simulation of TCP/IP stacks and applications.
Honeynet takes Nmap and Xprobe signatures through configuration files and sends packet responses to scans matching those signatures. Users can set up profiles that map each IP address Honeyd should answer for to a corresponding device profile. When an attacker scans an IP address that Honeyd is handling with Nmap or Xprobe, the packets returned match the corresponding device profile.
Therefore, using Honeyd, it would be possible to simultaneously simulate the stacks of multiple IP-based industrial devices, provided the corresponding scanning tools (Nmap or Xprobe) know the signatures. As of now, there are no signatures of industrial devices in Nmap's database.
Honeyd allows the user to listen on a port and run a script on that particular port when anybody connects to that port. As of now, there are many scripts contributed to the project, which can simulate web pages, WSFTP servers and Cisco telnet servers.
Using this feature of Honeyd, it is possible to write scripts that simulate various Industrial Ethernet protocols. For example, it would be possible to simulate a Modbus/TCP server on port 502 and EtherNet/IP on ports 44818/2222.
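As an added illustration (not code from the Honeyd project or its contributed scripts), the following is a sketch of a service script that answers Modbus/TCP Read Holding Registers requests and logs every request it sees. It relies on Honeyd connecting the script's stdin and stdout to the TCP connection, and could be bound with a configuration line such as `add plc tcp port 502 "python3 scripts/modbus_sim.py"`. The template name `plc`, the script path and the register values are assumptions made for this example.

```python
import struct
import sys

# Constructed register values for the simulated device (not from a real PLC).
HOLDING_REGISTERS = [0x0000, 0x1234, 0x00FF, 0x0A0A]

def handle_adu(adu: bytes) -> bytes:
    """Return the Modbus/TCP response for one request frame, or b'' to stay silent."""
    if len(adu) < 8:
        return b""
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:
        return b""  # malformed MBAP header
    func, data = adu[7], adu[8:]
    if func == 0x03 and len(data) == 4:  # Read Holding Registers
        start, count = struct.unpack(">HH", data)
        if not 1 <= count <= 125:
            pdu = bytes([0x83, 0x03])  # exception: illegal data value
        elif start + count > len(HOLDING_REGISTERS):
            pdu = bytes([0x83, 0x02])  # exception: illegal data address
        else:
            regs = HOLDING_REGISTERS[start:start + count]
            pdu = bytes([func, 2 * count]) + struct.pack(f">{count}H", *regs)
    else:
        pdu = bytes([func | 0x80, 0x01])  # exception: illegal function
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def read_exact(stream, n):
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            return None  # peer closed the connection
        buf += chunk
    return buf

def serve(inp, out, log):
    """Answer requests until the peer closes or sends an invalid length."""
    while True:
        header = read_exact(inp, 7)
        length = struct.unpack(">H", header[4:6])[0] if header else 0
        body = read_exact(inp, length - 1) if 2 <= length <= 254 else None
        if body is None:
            return
        log.write(f"modbus request: {(header + body).hex()}\n")
        out.write(handle_adu(header + body))
        out.flush()

if __name__ == "__main__":
    serve(sys.stdin.buffer, sys.stdout.buffer, sys.stderr)
```

The logged hex frames are the useful output of such a honeypot: they record which function codes and register ranges a visitor probed.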