Should an error occur during any part of the authentication process, the slave outstation (Geo SCADA Expert) will determine whether it needs to report that error to its DNP3 master. For example, the slave outstation might send a diagnostics message if it has issued a challenge in response to a critical request from its DNP3 master, but has either not received a response to that challenge, or received an incorrect response.
A malicious user may use a device to mount a denial-of-service attack against Geo SCADA Expert by repeatedly sending ‘bad’ authentication messages. They may also send repeated challenges in an attempt to learn about the slave outstation’s authentication. The Maximum Error Count setting helps to protect against such attacks by stopping the slave outstation from transmitting error messages once a defined limit has been exceeded. This is in accordance with the DNP3 standard.
Use the Maximum Error Count spin box on the Security tab to specify the maximum number of authentication errors that the Slave outstation is to generate:
You can specify a maximum error count of between 0 and 10 inclusive (with 2 being the default). Once this count has been exceeded, the slave outstation will no longer send authentication error messages to its DNP3 master.
The Maximum Error Count resets when either of the following occur:
- The slave outstation receives an authentic reply to its latest challenge
- The
If the error count is exceeded, the slave outstation will invalidate its Session Keys.
Further Information
Define Whether the Slave Outstation Logs Authentication and Key Change Information.
Aggressive Mode: see Specify Whether Aggressive Mode is Used.