Mechanics of an ICS/SCADA Man-In-The-Middle Attack

What does a man-in-the-middle (MITM) attack look like on an ICS/SCADA system? It isn't hard to find videos, presentations, and tutorials on IT-based MITM attacks, but ICS/SCADA systems don't react the same way in the presence of an attack. These systems, for the most part, were never designed with security in mind, so strange things happen when you run some of the freely available attack tools.

In this talk, I'll describe a series of MITM attacks that were run against an ICS/SCADA test system. I'll talk about how the control system reacted to the attacks. I'll also show some different configurations that were used during the testing and how the packet streams differed.
