DNP3.Response.Storm
Description
This indicates that a server has received an unsolicited response. This type of message is usually reserved for alarm or other significant events. A large number of unsolicited responses could indicate an attempt at a Denial of Service attack. It is trivial for an attacker to use a DNP3 simulator to generate large amounts of malicious traffic.
The Distributed Network Protocol (DNP3) is an industry standard for interoperation between devices and is commonly found in SCADA systems. DNP3 enables data and command exchange between a server and a client device. The server sends commands and controls the operation of a client device.
Affected Products
DNP3 servers and clients.
Impact
Denial of Service.
Recommended Actions
Investigate the source of the traffic to verify it is malicious in nature.
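To support that investigation, the following added example (not part of the signature or of any vendor tooling) counts DNP3 unsolicited responses (application function code 0x82) per link-layer source address in a sliding time window. The window length, the threshold, the helper names and the sample frames are assumptions chosen for illustration; the frames are constructed and their CRC fields are zero placeholders.

```python
import struct
from collections import defaultdict, deque

UNSOLICITED_RESPONSE = 0x82  # DNP3 application function code 130

def parse_frame(frame: bytes):
    """Return (source_address, function_code), or None if the frame has no
    application header. CRCs are not validated in this sketch."""
    # Link header: 0x05 0x64, length, control, dest (LE), source (LE), CRC
    if len(frame) < 13 or frame[:2] != b"\x05\x64" or frame[2] < 8:
        return None
    _dst, src = struct.unpack_from("<HH", frame, 4)
    if not frame[10] & 0x40:   # transport FIR bit clear: not a first segment
        return None
    return src, frame[12]      # byte 11 is application control, byte 12 the FC

def find_storms(events, window=10.0, threshold=20):
    """events: time-ordered (timestamp_seconds, frame_bytes) pairs.
    Returns {source: peak unsolicited-response count inside one window}
    for every source that reaches the (assumed) threshold."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, frame in events:
        parsed = parse_frame(frame)
        if parsed is None or parsed[1] != UNSOLICITED_RESPONSE:
            continue
        src, q = parsed[0], recent[parsed[0]]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def sample_frame(src, func, dst=1):
    # Constructed frame: transport FIR|FIN, app control with UNS bit, FC, IIN
    app = bytes([0xC0, 0xF0, func, 0x00, 0x00])
    header = b"\x05\x64" + bytes([5 + len(app), 0x44]) + struct.pack("<HH", dst, src)
    return header + b"\x00\x00" + app + b"\x00\x00"   # zero CRC placeholders

def sample_events():
    # Constructed traffic: source 10 bursts, source 11 sends occasional
    # alarms, source 12 sends ordinary (solicited, 0x81) responses.
    events = [(i * 0.1, sample_frame(10, 0x82)) for i in range(30)]
    events += [(i * 30.0, sample_frame(11, 0x82)) for i in range(3)]
    events += [(i * 0.1, sample_frame(12, 0x81)) for i in range(30)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(find_storms(sample_events()))
```

A source that appears in the result is a candidate for review, not proof of an attack: a legitimate device reporting a real burst of alarms produces the same pattern, so the threshold should be tuned to the site's normal event rate.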
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |