Programming PLC from the Internet behind a Router.

damica1

Just in case others may need or want this information.

So you have a Micro820 behind a router/firewall on the plant floor you need to reprogram with CCW from your house.

Here is the example:

Let's say the public IP of the router = 166.156.102.133

The LAN side of the router is 10.1.2.1 and the IP of PLC = 10.1.2.100.
You will have to port forward 44818 to 10.1.2.100.

Now in CCW add the "Ethernet Devices" driver. (This driver allows CCW to see devices that are NOT on the same network.)

Once this driver is added you will have to manually add the IP address of the device you want to communicate with. (That will be the public IP, 166.156.102.133.)

Now open up "setup connection path" and choose the new driver. It will show the IP address you just added; click on it so it is now in the box that holds the connection path. Then add :44818 (a colon and 44818); this is the port number.

Click on connect and you will connect to PLC.

The AB-ETHIP driver will only communicate with devices on the same network.

The AB-ETH driver will communicate with devices not on the same network.
 
This is great when in a pinch, but very dangerous. Any port-scanning script kiddie can now access your PLC.
 
Yeah, the best bet for this would be to speak with the IT department and create a VPN solution. Although we all know how that can go sometimes...

Logging into the VPN will allow you access to your company's network and should be a more secure option.

Port forwarding is generally frowned upon, but admittedly I've used it too because... well... it works.
 
I agree - should be used wisely!

I'm going to go so far as to say that you should not use this at all, even temporarily.

The proper way to set this up is to use a VPN. The VPN has a VPN-specific subnet/address range. Then that VPN IP is forwarded to the subnet with your PLC device.

Example:

VPN IP pool: 10.1.7.xxx
PLC Address: 192.168.1.xxx

Port forward rule: 10.1.7.0 to 192.168.1.0

I can give hardware specific device if offered. I have a lot of experience and have had a ton of luck flashing wrt-based firmware onto any old router so that VPN functionality can be added to the hardware. I recently just realized that a wireless router I did this with for a friend of mine has been up for over 2 years.
 
There is a specialized search engine actively scanning worldwide looking for exactly this type of vulnerability: Shodan.io

It's worth the time and money to buy or build a VPN appliance or other VPN-based connection to get through any factory firewall.

The information about configuration of the Ethernet Devices driver is well-received, especially the part about specifying the TCP Port.

If you don't specify the TCP Port and have not connected previously to that specific PLC, then the Ethernet Devices driver will attempt to figure out if the PLC is a classic PLC5E/SLC-5/05 or a modern EtherNet/IP device. It tries to connect first to TCP Port 2222, and once it sees three connection refusals, then tries TCP Port 44818.

Somebody in the IT department cleverly called the three sequential connection refusals the "Judas Timeout".

I discovered once that some Cisco PIX firewalls consider multiple rapid connection attempts (with no intervening packets) to the same TCP Port number to be the signature of a cyber attack and will result in the firewall shutting down the port.

When you enter "192.16.1.180:44818" then the Ethernet Devices driver knows explicitly that the device uses EtherNet/IP and does not attempt to connect to TCP port 2222 first.
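
The connection pattern described in this post (three refused attempts on TCP 2222, then 44818) and the VPN-only access recommended earlier in the thread can both be checked in firewall logs. This is an added example, not part of the original thread: the log format, the PLC address 192.168.1.50 and the source addresses are constructed, and the VPN pool 10.1.7.0/24 follows the earlier reply.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed firewall log; the line format is an assumption, not a vendor format.
SAMPLE_LOG = """\
2024-05-01T08:00:01 REFUSED src=10.1.7.23 dst=192.168.1.50 dport=2222
2024-05-01T08:00:02 REFUSED src=10.1.7.23 dst=192.168.1.50 dport=2222
2024-05-01T08:00:03 REFUSED src=10.1.7.23 dst=192.168.1.50 dport=2222
2024-05-01T08:00:04 ACCEPT src=10.1.7.23 dst=192.168.1.50 dport=44818
2024-05-01T09:15:00 ACCEPT src=10.1.7.40 dst=192.168.1.50 dport=44818
2024-05-01T11:30:12 ACCEPT src=203.0.113.77 dst=192.168.1.50 dport=44818
2024-05-01T11:31:00 ACCEPT src=10.1.7.40 dst=192.168.1.50 dport=443
"""

LINE = re.compile(r"(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) "
                  r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
PLC_PORTS = {2222, 44818}  # the two TCP ports named in the thread


def analyze(log_text, vpn_pool="10.1.7.0/24"):
    """Return (kind, timestamp, src, dst, dport) findings for PLC-port traffic."""
    pool = ipaddress.ip_network(vpn_pool)
    refused_2222 = defaultdict(int)  # consecutive refusals per (src, dst)
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or int(m["dport"]) not in PLC_PORTS:
            continue
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        key = (src, dst)
        # Programming traffic should only ever arrive from the VPN pool.
        if ipaddress.ip_address(src) not in pool:
            findings.append(("outside-vpn", m["ts"], src, dst, dport))
        if dport == 2222 and m["action"] == "REFUSED":
            refused_2222[key] += 1
        else:
            # Three refusals on 2222 and then 44818: no port was specified
            # in the connection path, so the driver probed for the device type.
            if dport == 44818 and refused_2222[key] >= 3:
                findings.append(("port-autodetect", m["ts"], src, dst, dport))
            refused_2222[key] = 0
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A "port-autodetect" finding from a VPN client is a prompt to add :44818 to that user's connection path; an "outside-vpn" finding means PLC ports are reachable from somewhere they should not be.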
 
Currently many companies have employees who work from home or from any place through a VPN.

You just have to tell the IT department of that plant that you are going to be one more.
 
We purchased a login system that we route through into the plant.
We can then program / modify any PLC / SCADA system.

If they are not on the network, we have maintenance connect their laptop and remote into it.

An open system like what you describe is too dangerous in my opinion.
You get a virus in the plant or get hijacked and you're the one in serious trouble!

james
 
