Is it easy or difficult for an attacker with a compromised SDN switch (e.g., whitebox switch, traditional switch+Openflow interface) to perform flow table analysis (flow rules analysis) and packet analysis (e.g., header analysis, packet drop) within that compromised switch?
yes it is easy
you can show flow table in a switch with only one command. If you have a telnet connection with the switch and you record the data from the session you can analyze them easy in off-line mode.
i advice you to use ONOS it will give you gui detailed flow per switch or global. network. its also easy to install and offers a lot of features and applications....
A new simulator came i.e SharkFest.one can analyse traffic of the controller
Wireshark can dissect the switch/controller channel too and you have Python controllers too. Thus, the best you can do is harden your SDN switches, controllers and, last but not least, the SDN control plane. Use dedicated interfaces and an isolated network for it.
- Badges
- Science topic
- Similar topics
- Filing