Okay, so here's the problem: I work for a power company and I send ICCP traffic over an MPLS network to another power company. Recently we upgraded one of our data historians and set up ICCP exactly the same way as it was on the previous server. There's really not much to ICCP. Anyway, I can see my data values trying to reach out, but it's not making it to the other power company. IPs subnet mask hasn't changed at all on the new server.
So I got on the phone with the other power company and we both ran Wireshark on our port to see what's going on. And it looks like he's sending a COTP CR packet to initialize the connection and then my server responds back with another COTP DR (disconnect request) within milliseconds. So they're trying to reach out but I'm immediately shutting them down. Now the routers are older Cisco 1900s and I believe they have an IPS built in. Do you think I'm onto something by contacting AT&T and having them look into the router IPS?
At the moment my server is completely wide open on the Windows firewall end. I thought at first that the firewall wasn't playing nice, so I opened it up completely and then was going to slowly lock it down. But that didn't seem to do jack. My server is essentially connected directly to the MPLS router and is not inline with our OT firewall. I'm really running out of ideas. I'm leaning on the MPLS routers being the issue. Any thoughts?