| Protocol | IEC-60870-5-104 |
|---|---|
| Name | IEC-60870-5-104 |
| Aliases | IEC-104 |
| Description | Grid communication protocol for control and monitoring |
| Port(s) | 2404/tcp |
| Access to specs | Paid |
| Specifications | IEC-60870-5-104 Specification |
| Nmap script(s) | iec-identify.nse |
| Wireshark dissector | packet-iec104.c |
| Scapy layer | iec104.py |
| Example Pcap(s) | ICS-pcap IEC-60870-5-104, Industroyer2 pcap samples |
| Related CVE | CVE-2018-10603 |
- Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid - Anton Cherepanov, Ben Miller, Joe Slowik, Robert Lee, and Robert Lipovsky @ Black Hat USA (2017)
- Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid Again - Robert Lipovsky & Anton Cherepanov @ Black Hat USA (2022)
- Description and analysis of IEC 104 Protocol - Technical report by Petr Matousek @ Faculty of Information Techology, Czech Republic (2017)
- FreyrSCADA IEC-60870-5-104 - IEC 60870-5-104 Protocol - RTU Server and Master Client Simulator
- lib60870 - Implementation of the IEC 60870-5-101/104 protocol