A. Two topology attacks
The first attack, the Host Location Hijacking Attack mentioned earlier, sends a forged request claiming that the target host has migrated to a new location, in an attempt to intercept packets and connections destined for the target host. It exploits a weakness of the host tracking service: the controller simply follows the latest Packet-in message and does not check the identity behind the request. Once the attacker sends a request with the same MAC …
This kind of attack exploits a weakness in the mechanism of the link discovery service: a host can take part in the link discovery operation. Internal links are normally discovered as follows. First, after initialization, the controller establishes connections to all switches, while the internal links between switches are still unknown. To find them, the controller sends Packet-out messages carrying LLDP packets to the switches. Second, each switch floods the LLDP packets to all enabled ports. Third, when another switch receives an LLDP packet, it sends a Packet-in message carrying that LLDP packet to the controller. Under this procedure, a switch cannot prevent a host from receiving LLDP packets. Moreover, if a host can reach two switches, it can act as a transparent cable or wire and let LLDP packets pass through. In practice, the host can either inject a modified LLDP packet into the network or relay the original LLDP packet to another switch. As a result, when a switch receives the LLDP packet, the controller receives a Packet-in message with the LLDP payload indicating that there is a link between the two switches. However, that link is the compromised host.
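A controller-side sanity check covering both attacks described above, as an added example (not from the original essay or from any controller's code base): it records whether each switch port has behaved like a host port or a switch port, then flags a MAC that changes location without a preceding Port-down and LLDP that arrives on a host port. The `Event` record, the `audit` function and the sample events are constructed for illustration, and the sketch assumes link discovery has run before host traffic is seen.

```python
from dataclasses import dataclass

LLDP, DATA, PORT_DOWN = "lldp", "data", "port_down"

@dataclass(frozen=True)
class Event:               # hypothetical record of one controller-visible event
    kind: str              # LLDP or DATA Packet-in, or a PORT_DOWN port status
    dpid: int              # switch that reported the event
    port: int              # port on that switch
    src_mac: str = ""      # source MAC of the packet (DATA only)

def audit(events):
    """Return alerts for topology updates the controller should not accept blindly."""
    port_role = {}         # (dpid, port) -> "host" or "switch"
    host_at = {}           # MAC -> last accepted (dpid, port), None once released
    alerts = []
    for ev in events:
        loc = (ev.dpid, ev.port)
        if ev.kind == PORT_DOWN:
            # The port went down: forget its role and release hosts bound to it.
            port_role.pop(loc, None)
            for mac in [m for m, l in host_at.items() if l == loc]:
                host_at[mac] = None
        elif ev.kind == LLDP:
            if port_role.get(loc) == "host":
                alerts.append(("lldp-from-host-port", loc))  # relayed or injected LLDP
            else:
                port_role[loc] = "switch"
        elif ev.kind == DATA:
            if port_role.get(loc) == "switch":
                continue   # transit traffic on an inter-switch link, not first hop
            port_role[loc] = "host"
            old = host_at.get(ev.src_mac)
            if old is not None and old != loc:
                # Latest Packet-in claims a move, but the old port never went down.
                alerts.append(("move-without-port-down", ev.src_mac, old, loc))
            else:
                host_at[ev.src_mac] = loc

    return alerts

SAMPLE = [  # constructed events, not captured traffic
    Event(LLDP, 1, 1), Event(LLDP, 2, 1),       # genuine link s1:1 <-> s2:1
    Event(DATA, 1, 2, "aa:aa:aa:aa:aa:01"),     # target host first seen on s1:2
    Event(DATA, 2, 3, "aa:aa:aa:aa:aa:02"),     # another host on s2:3
    Event(DATA, 2, 3, "aa:aa:aa:aa:aa:01"),     # target's MAC claimed on s2:3
    Event(LLDP, 2, 3),                          # LLDP arriving on that host port
    Event(PORT_DOWN, 1, 2),                     # target really disconnects
    Event(DATA, 2, 4, "aa:aa:aa:aa:aa:01"),     # migration after Port-down: accepted
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```
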