[Oisf-users] DNP3 Preprocessor Keyword Changes

Fred Austin fred.austin at n-dimension.com
Wed Aug 9 15:01:40 UTC 2017


Examining the latest version (v1.3, 2015 on GitHub) of the Quickdraw IDS
rule set for Snort/Suricata, the DNP3 rules contain dnp3 keywords
which are no longer supported, namely:

    - dnp3_cmd_fc
    - dnp3_cmd_ot
    - dnp3_checksum

The currently supported dnp3 keywords are:

    - dnp3_func
    - dnp3_ind
    - dnp3_obj
    - dnp3_data

I could not find any documentation about the previous dnp3 keywords
(dnp3_cmd_fc, etc). Does anyone have any documentation about the previous
dnp3 keywords and how they map to the new (supported) keywords? At first
guess, I would assume that "dnp3_cmd_fc" maps to "dnp3_func", but it is not
clear about the other keywords.


-- 
Fred Austin
VP Product Development
N-Dimension Solutions

