Geo SCADA Expert can detect errors during any part of the authentication process
A malicious user may use a device to mount a denial-of-service attack against Geo SCADA Expert by repeatedly sending ‘bad’ authentication messages. They may also send repeated challenges in an attempt to learn about Geo SCADA Expert’s authentication. The Maximum Error Count setting helps to protect against such attacks by stopping Geo SCADA Expert from transmitting error messages once a defined limit has been exceeded. This is in accordance with the DNP3 standard.
Use the Maximum Error Count spin box on the Security tab to specify the maximum number of authentication error messages that Geo SCADA Expert is to send to this outstation:
You can specify a maximum error count of between 0 and 10 inclusive (with 2 being the default). Once this count has been exceeded, Geo SCADA Expert will no longer send authentication error messages to this outstation.
The error count resets when either of the following occur:
- Geo SCADA Expert receives an authentic reply to its latest challenge
- The
If the error count is exceeded in Geo SCADA Expert for any reason, Geo SCADA Expert will initiate a Session Key Change.
If the error count is exceeded during a Session Key Change, Geo SCADA Expert will assume that the outstation does not support DNP3 Secure Authentication, or does not have DNP3 Secure Authentication enabled. Further communications will proceed without any authentication while the outstation remains online. (Should this occur, correct the configuration in the relevant device so that there is no longer a security mismatch.)
Further Information
Define Whether Geo SCADA Expert Logs Authentication and Key Change Information.
Aggressive Mode: see Specify Whether Aggressive Mode is Used.