DNP3 Preprocessor Rules
You must enable the DNP3 preprocessor rules in the following table if you want these rules to generate events and, in an inline deployment, drop offending packets.
Preprocessor Rule GID:SID |
Description |
---|---|
145:1 |
When Log bad CRC is enabled, generates an event when the preprocessor detects a link layer frame with an invalid checksum. |
145:2 |
Generates an event and blocks the packet when the preprocessor detects a DNP3 link layer frame with an invalid length. |
145:3 |
Generates an event and blocks the packet during reassembly when the preprocessor detects a transport layer segment with an invalid sequence number. |
145:4 |
Generates an event when the DNP3 reassembly buffer is cleared before a complete fragment can be reassembled. This happens when a segment carrying the FIR flag appears after other segments have been queued. |
145:5 |
Generates an event when the preprocessor detects a DNP3 link layer frame that uses a reserved address. |
145:6 |
Generates an event when the preprocessor detects a DNP3 request or response that uses a reserved function code. |