- About us
- Code of Conduct
- Google SoC
- Recent posts
- Security Workshops
The Conpot team recently introduced what we call the proxy module. Basically we forward the traffic from one service in Conpot to a service running on a real piece of hardware. This is a very successful technique when figuring out a unknown hardware or protocol. Next step then is to decode the messages logged in the proxy module. Most of this step is done by studying books of specifications, leaked manuals and offensive tools. This then gives us insight into the protocol, the commands sent and responses generated.
Using this technique, another milestone has been reached for the Conpot project: the ability to pose as a smart meter. As we surround ourselves with interconnected items, popularly called the internet of things, it is critical that we also provide ourselves the ability to investigate malicious actions against these. Under normal circumstances, most of the intriguing details of the internet of things is hidden away in proprietary implementations - for example: Most likely you have a smart meter installed in your house - but do you know WHO is actually connecting to your meter and which commands they are sending? Probably not - unless of course you outsmart your adversary and setup a Conpot instance.
The specific smart meter protocol we decided to implement was the Kamstrup protocol, potentially used in several hundred thousand smart meters deployed throughout the world.
After starting Conpot with the kamstrup_382 profile, Conpot answers to kamstrup commands just like a real smart meter and also provides realistic changes in power usage. Starting Conpot with the supplied kamstrup profile is as simple as: