Research Article
Detection and Blocking of Replay, False Command, and False Access Injection Commands in SCADA Systems with Modbus Protocol
Table 4
Output of frame filtering module (A: accept, R: reject).
| IP address (A/R) | Function code (A/R) | Starting address of registers (A/R) | Number of registers (A/R) | A/R | Reason for rejecting the frame |
| 192.168.1.1 (A) | 2 (A) | 0 × 10001 (A) | 10 (A) | A | Frame is accepted | 192.168.1.2 (A) | 5 (A) | 0 × 10005 (A) | 1 (A) | A | Frame is accepted | 192.168.1.3 (A) | 3 (A) | 0 × 40200 (A) | 500 (R) | R | Starting address + number of registers crosses the memory access limit | 192.168.1.4 (A) | 4 (R) | | | R | Function code 4 is not allowed for this master | 192.168.1.6 (R) | | | | R | IP address of master device not matching the list of configured addresses | 192.168.1.1 (A) | 4 (A) | 0 × 30526(R) | | R | The starting address is out of memory access | 192.168.1.3 (A) | 5 (A) | 0 × 00001 | 1 | R | The memory address is not configured | 192.168.1.1 (A) | 2(A) | 0 × 10010(A) | 25(A) | A | Frame is accepted |
|
|