Intrusion Prevention

DNP3.Response.Storm

Description

This indicates that a server has received an unsolicited response. This type of message is usually reserved for alarm or other significant events. A large number of unsolicited responses could indicate an attempt at a Denial of Service attack. It is trivial for an attacker to use a DNP3 simulator to generate large amounts of malicious traffic.
The Distributed Network Protocol (DNP3) is an industry standard for interoperation between devices and is commonly found in SCADA systems. DNP3 enables data and command exchange between a server and a client device. The server sends commands and controls the operation of a client device.

Affected Products

DNP3 servers and clients.

Impact

Denial of Service.

Recommended Actions

Investigate the source of the traffic to verify it is malicious in nature.
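
To help identify which source is responsible, the following added example (not the vendor's signature logic) counts DNP3 unsolicited responses (application function code 0x82) per link-layer source address in a sliding time window. The 10-second window, the threshold of 20, and the helper names are assumptions; frames are assumed to be already extracted from a capture, CRCs are not verified, and the sample frames are constructed.

```python
from collections import defaultdict, deque

UNSOLICITED_RESPONSE = 0x82  # DNP3 application function code 130
FIR = 0x40                   # transport header bit: first segment of a fragment

def unsolicited_source(frame: bytes):
    """Return the DNP3 source address if the frame starts an unsolicited response, else None."""
    if len(frame) < 13 or frame[0:2] != b"\x05\x64":  # link-layer start bytes
        return None
    if frame[2] < 8:           # length counts control + dest + src + user data
        return None
    if not frame[10] & FIR:    # application header only follows the first segment
        return None
    if frame[12] != UNSOLICITED_RESPONSE:
        return None
    return int.from_bytes(frame[6:8], "little")

def storm_sources(events, window=10.0, threshold=20):
    """events: time-ordered (timestamp_seconds, frame_bytes). Returns the flagged sources."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, frame in events:
        src = unsolicited_source(frame)
        if src is None:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged

def sample_frame(src, func, dest=1):
    """Constructed test frame; CRC fields are zeroed placeholders, not valid CRCs."""
    app_ctrl = 0xF0 if func == UNSOLICITED_RESPONSE else 0xC0
    user = bytes([0xC0, app_ctrl, func, 0x00, 0x00])  # transport, app ctrl, func, IIN
    hdr = b"\x05\x64" + bytes([5 + len(user), 0x44])
    hdr += dest.to_bytes(2, "little") + src.to_bytes(2, "little")
    return hdr + b"\x00\x00" + user + b"\x00\x00"

# Constructed traffic: source 10 bursts, source 20 sends occasional alarms,
# source 30 sends ordinary solicited responses (0x81).
SAMPLE_EVENTS = sorted(
    [(i * 0.2, sample_frame(10, 0x82)) for i in range(25)]
    + [(i * 10.0, sample_frame(20, 0x82)) for i in range(3)]
    + [(i * 0.2, sample_frame(30, 0x81)) for i in range(25)]
)
```

Only source 10 is flagged on the sample traffic; tune the window and threshold against the normal alarm rate of the monitored outstations.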