DNP3 Technology Detection Scanner
This scanner detects the use of DNP3 technology in digital assets. It identifies devices that respond to queries using the DNP3 protocol.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
This scanner detects devices that communicate using the DNP3 protocol, which is commonly used in industrial control systems and SCADA networks. DNP3 is widely adopted in energy, water, and utility sectors for secure and reliable device communication.
The scanner checks for responses from devices over the DNP3 protocol. It identifies technology use and function codes, providing insight into the control mechanisms supported by the endpoint.
Technically, the scanner sends queries to a specified port (default 20000) and interprets the responses to distinguish valid DNP3 responses. It parses function IDs, checks data, and confirms protocol implementation.
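One way to distinguish a valid DNP3 response from other traffic on the port, as an added example (not the scanner's own code): it validates the 10-byte DNP3 link-layer header (start bytes, length, CRC-16/DNP) and extracts the link function code. The function names, the `build_sample` helper and the sample frame are constructed for this illustration.

```python
import struct

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (reflected 0xA6BC), init 0, output inverted."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

# Link-layer function codes used by the secondary (responding) station.
SECONDARY_FUNCS = {0: "ACK", 1: "NACK", 11: "LINK_STATUS", 15: "NOT_SUPPORTED"}

def parse_link_header(resp: bytes):
    """Return the decoded link header if resp starts with a valid one, else None."""
    if len(resp) < 10 or resp[:2] != b"\x05\x64":   # DNP3 start bytes
        return None
    length, ctrl, dest, src, crc = struct.unpack("<BBHHH", resp[2:10])
    if length < 5:                       # LEN counts CTRL + DEST + SRC at minimum
        return None
    if crc != crc16_dnp(resp[:8]):       # header CRC is sent low byte first
        return None
    primary = bool(ctrl & 0x40)          # PRM bit: frame from the initiating side
    func = ctrl & 0x0F
    return {
        "length": length,
        "dir_from_master": bool(ctrl & 0x80),
        "primary": primary,
        "function_code": func,
        "function_name": None if primary else SECONDARY_FUNCS.get(func, "UNKNOWN"),
        "destination": dest,
        "source": src,
    }

def build_sample(ctrl: int, dest: int, src: int) -> bytes:
    """Constructed header-only frame used as sample input (hypothetical helper)."""
    body = b"\x05\x64" + struct.pack("<BBHH", 5, ctrl, dest, src)
    return body + struct.pack("<H", crc16_dnp(body))

if __name__ == "__main__":
    print(parse_link_header(build_sample(0x0B, 1, 10)))         # constructed reply
    print(parse_link_header(b"HTTP/1.1 400 Bad Request\r\n"))   # non-DNP3 banner
```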
Exploitation or improper exposure of DNP3 devices can lead to unauthorized access to critical infrastructure, enabling attackers to manipulate device settings or monitor sensitive operations.