DNP3
Utility standard for substation and water automation.
Protocol Functionality
Distributed Network Protocol (DNP3) is a master/outstation protocol designed for utilities, power stations, and water processing plants. It includes time synchronization and event logs, allowing outstations to buffer changes and report them during polling cycles.
Active Scan Crash Hazards
DNP3 units are frequently located in remote, low-bandwidth environments (cellular links, radio systems). Standard IT scanners launch heavy vulnerability checks (HTTP, FTP, SSH sweeps) on Port 20000. These packet bursts saturate the narrow links, causing DNP3 outstations to drop synchronization with the SCADA master, triggering priority alarm states.
Deterministic Safe Discovery
Solapse monitors telemetry passively or issues low-impact, native DNP3 link-status checks. We request only basic outstation attributes (Read Class 0) using small, single-packet commands. This ensures total link utilization stays under 1%, keeping critical telemetry updates flowing.
Security Best Practices
- Upgrade to DNP3 Secure Authentication (SAv5) to prevent spoofing commands.
- Isolate WAN outstations using encrypted VPN gateways.
- Establish SCADA master baselines to alarm on unexpected DNP3 read commands.
Need Safe Asset Auditing?
Validate compliance requirements continuously without introducing network risk. Join our waitlist.
Join Waitlist