DNP3 Preprocessor Rules
You must enable the DNP3 preprocessor rules in the following table if you want these rules to generate events and, in an inline deployment, drop offending packets.
|
Preprocessor Rule GID:SID |
Description |
|---|---|
|
145:1 |
When Log bad CRC is enabled, generates an event when the preprocessor detects a link layer frame with an invalid checksum. |
|
145:2 |
Generates an event and blocks the packet when the preprocessor detects a DNP3 link layer frame with an invalid length. |
|
145:3 |
Generates an event and blocks the packet during reassembly when the preprocessor detects a transport layer segment with an invalid sequence number. |
|
145:4 |
Generates an event when the DNP3 reassembly buffer is cleared before a complete fragment can be reassembled. This happens when a segment carrying the FIR flag appears after other segments have been queued. |
|
145:5 |
Generates an event when the preprocessor detects a DNP3 link layer frame that uses a reserved address. |
|
145:6 |
Generates an event when the preprocessor detects a DNP3 request or response that uses a reserved function code. |