DNP3.Response.Storm

Description

This indicates that a server has received an unsolicited response. This type of message is usually reserved for alarms or other significant events. A large number of unsolicited responses could indicate an attempted Denial of Service attack. It is trivial for an attacker to use a DNP3 simulator to generate large amounts of malicious traffic.

The Distributed Network Protocol (DNP3) is an industry standard for interoperation between devices and is commonly found in SCADA systems. DNP3 enables data and command exchange between a server and a client device. The server sends commands and controls the operation of a client device.

Affected Products

DNP3 servers and clients.

Impact

Denial of Service.

Recommended Actions

Investigate the source of the traffic to verify it is malicious in nature.
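
To help identify which source is responsible, the following added example (not the vendor's signature logic) counts DNP3 unsolicited responses (application function code 0x82) per link-layer source address in a sliding window. The threshold, window, function names and sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

DNP3_START = b"\x05\x64"          # link-layer start bytes
FC_UNSOLICITED_RESPONSE = 0x82    # application function code 130

def parse_frame(frame):
    """Return (link source address, application function code), or None.
    Layout: start(2) LEN CTRL DEST(2,LE) SRC(2,LE) CRC(2), then user data:
    transport header, application control, function code. CRCs are not checked."""
    if len(frame) < 13 or frame[:2] != DNP3_START:
        return None
    if not frame[10] & 0x40:      # transport FIR bit: only a first segment
        return None               # carries the application header
    return int.from_bytes(frame[6:8], "little"), frame[12]

class StormDetector:
    """Flags a source sending more than `threshold` unsolicited responses
    within `window` seconds. Both defaults are assumed values to be tuned."""
    def __init__(self, threshold=20, window=10.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)   # source address -> recent timestamps

    def observe(self, ts, frame):
        parsed = parse_frame(frame)
        if parsed is None or parsed[1] != FC_UNSOLICITED_RESPONSE:
            return False
        q = self.seen[parsed[0]]
        q.append(ts)
        while ts - q[0] > self.window:   # drop timestamps outside the window
            q.popleft()
        return len(q) > self.threshold

def make_frame(src, func, dest=1):
    """Constructed sample frame; CRC fields are zeroed (parse_frame skips them)."""
    user = bytes([0xC0, 0xF0, func, 0x00, 0x00])  # transport, app control, FC, IIN
    head = DNP3_START + bytes([5 + len(user), 0x44])
    head += dest.to_bytes(2, "little") + src.to_bytes(2, "little")
    return head + b"\x00\x00" + user + b"\x00\x00"

def run_sample():
    # Constructed traffic: source 10 reports one event every 5 s,
    # source 66 sends 50 unsolicited responses within one second.
    events = [(t * 5.0, make_frame(10, 0x82)) for t in range(10)]
    events += [(20.0 + i * 0.02, make_frame(66, 0x82)) for i in range(50)]
    events.append((20.5, make_frame(10, 0x81)))   # solicited response, ignored
    det, flagged = StormDetector(), set()
    for ts, frame in sorted(events, key=lambda e: e[0]):
        if det.observe(ts, frame):
            flagged.add(parse_frame(frame)[0])
    return flagged
```

Link-layer source addresses are not authenticated, so a flagged address should be correlated with the IP address and network segment the frames arrived on before it is treated as the origin.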

Coverage

IPS (Regular DB)
IPS (Extended DB)