I really like the idea of a SCADA honeypot. John Strand live-demoes a SCADA Honeypot. It uses several services which can later on be used to demonstrate (and lure an attacker) the life inside a SCADA universe.
You can download the SCADA Honeypot from here.
From the scadahoneynet site:
[The] goal of this project is to provide tools and to simulate a variety of industrial networks and devices. We see several uses for this project:
- Build a HoneyNet for attackers, to gather data on attacker trends and tools
- Provide a scriptable industrial protocol simulators to test a real live protocol implementation
- Research countermeasures, such as device hardening, stack obfuscation, reducing application information, and the effectiveness network access controls.
