SlideShare a Scribd company logo

Securing ARP in Software Defined Networks

Download as PPTX, PDF
Farzaneh Pakzad
Farzaneh Pakzad

The mapping of Layer 3 (IP) to Layer 2 (MAC) addresses is a key service in IP networks, and is achieved via the ARP protocol in IPv4, and the NDP protocol in IPv6. Due to their stateless nature and lack of authentication, both ARP and NDP are vulnerable to spoofing attacks, which can enable Denial of Service (DoS) or man-in-the-middle (MITM) attacks. In this paper, we discuss the problem of ARP spoofing in the context of Software Defined Networks (SDNs), and present a new mitigation approach which leverages the centralised network control of SDN.

Technology
1 of 1
Securing ARP in Software Defined Networks Talal Alharbi, Dario Durando, Farzaneh Pakzad and Marius Portmann School of ITEE The University of Queensland, Australia Solution: ARP_NAT Both ARP and NDP are vulnerable to spoofing or poisoning attacks, where an attacker can create false entries in a host’s ARP cache in IPv4 or Neighbour Cache in the case of IPv6 by simply injecting an ARP Request or Reply message with a false SPA field. h1 has been compromised and wants to poison host h2’s ARP cache and intercepts the communication between h2 and h3. Attack steps 1) Host h1 injects an ARP Request/Reply message with the SPA field set to IP address of h3, and the SHA field set to its own MAC address 2) Switch S1 receives the ARP packet, and sends to the controller, which instructs S1 to flood the packet. 3) Host h2 updates its ARP cache and adds an entry mapping the IP address 10.0.0.3 to the MAC address 00:00:00:00:00:01. Idea: “Sanitise” the ARP request by overwriting the potentially poisoned SPA and SHA fields with safe dummy values. OpenFlow Rules: 1. Overwritten ARP request is forwarded directly to target 2. Unseen ARP request is forwarded to the controller 3. Send all ARP reply messages to the controller 4. Drop ARP reply message if the target address is not the safe values. SDN A new approach to manage computer networks, where the control plane is separated from the data plane. Address Resolution Protocol (ARP) is an essential function in IPv4 networks to find the MAC address for a given IP address. Neighbour Discovery Protocol(NDP) is equivalent to ARP and used in IPv6 networks. ARP Payload is encapsulated in an Ethernet frame and includes: • SHA = The MAC address of the sender. • SPA = The IP address of the sender. • THA = The MAC address of the target. • TPA = The IP address of the target. Overhead: ARP_NAT significantly reduces controller CPU load (78.26%) and RTT (32%). Topology Discovery Update ARP cache Port 1 Port 2 Port 3 Port 2 Port 3 Port 1 Port 1 Port 2 Port 3 h1 h3h2 ARP pkt SPA = 10.0.0.3 SHA = 00:00:00:00:00:01 TPA = 10.0.0.2 THA = 00:00:00:00:00:00 First Step Second Step Third Step SDN Controller: POX Packet Manipulation Tool: Scapy Implemented in POX controller using: • Regular ARP (l2_learning) • Proxy ARP (arp_responder) H2’s ARP cache Evaluation Attack Feasibility DemonstrationBackground Problem Attack Success Tools

Recommended

Arp Cache Poisoning
Arp Cache PoisoningArp Cache Poisoning
Arp Cache PoisoningSubhash Kumar Singh
 
Arpspoofing
ArpspoofingArpspoofing
ArpspoofingUTD Computer Security Group
 
Gratuitous Address Resolution Protocol(G-ARP)
Gratuitous Address Resolution Protocol(G-ARP) Gratuitous Address Resolution Protocol(G-ARP)
Gratuitous Address Resolution Protocol(G-ARP) Sachin Khanna
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofingLuthfi Widyanto
 
Arpwatch
ArpwatchArpwatch
ArpwatchSantosh Shah
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANsIshraq Al Fataftah
 
Nnnnnn
NnnnnnNnnnnn
Nnnnnnnautami
 
Arp config-arp
Arp config-arpArp config-arp
Arp config-arpRaafat younis
 

Recommended

Arp Cache Poisoning
Arp Cache PoisoningArp Cache Poisoning
Arp Cache PoisoningSubhash Kumar Singh
 
Arpspoofing
ArpspoofingArpspoofing
ArpspoofingUTD Computer Security Group
 
Gratuitous Address Resolution Protocol(G-ARP)
Gratuitous Address Resolution Protocol(G-ARP) Gratuitous Address Resolution Protocol(G-ARP)
Gratuitous Address Resolution Protocol(G-ARP) Sachin Khanna
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofingLuthfi Widyanto
 
Arpwatch
ArpwatchArpwatch
ArpwatchSantosh Shah
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANsIshraq Al Fataftah
 
Nnnnnn
NnnnnnNnnnnn
Nnnnnnnautami
 
Arp config-arp
Arp config-arpArp config-arp
Arp config-arpRaafat younis
 
ICMP
ICMP ICMP
ICMP Ruhollah Arabi
 
Packet sniffing
Packet sniffingPacket sniffing
Packet sniffingShyama Bhuvanendran
 
Address resolution protocol
Address resolution protocolAddress resolution protocol
Address resolution protocolasimnawaz54
 
Packet capture in network security
Packet capture in network securityPacket capture in network security
Packet capture in network securityChippy Thomas
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsSiena Perry
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)NetProtocol Xpert
 
Dhcp Snooping
Dhcp SnoopingDhcp Snooping
Dhcp SnoopingPrateek Baharani
 
Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Gabriela Martínez
 
Presentation on arp protocol
Presentation on arp protocolPresentation on arp protocol
Presentation on arp protocolMohd. Ahmad Siddiqi
 
SSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkSSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkAl Imran, CISA
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsSachidananda Sahu
 
Computer networks protocols
Computer networks protocolsComputer networks protocols
Computer networks protocolsMustafa Qamar-ud-Din
 
5. icmp
5. icmp5. icmp
5. icmpSwati Arora
 
Arp
ArpArp
ArpAnusuaBasu
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
Ch07
Ch07Ch07
Ch07tejindershami
 
Address resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocolAddress resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocolasimnawaz54
 
ICMPV4
ICMPV4ICMPV4
ICMPV4rajshreemuthiah
 
Wireshark ppt
Wireshark pptWireshark ppt
Wireshark pptbala150985
 
Wireshark tcp
Wireshark tcpWireshark tcp
Wireshark tcpYasin Abdullah
 
Open flow
Open flowOpen flow
Open flowOded Rotter
 
SDN - OpenFlow protocol
SDN - OpenFlow protocolSDN - OpenFlow protocol
SDN - OpenFlow protocolUlf Marxen
 

More Related Content

What's hot

Address resolution protocol
Address resolution protocolAddress resolution protocol
Address resolution protocolasimnawaz54
 
Packet capture in network security
Packet capture in network securityPacket capture in network security
Packet capture in network securityChippy Thomas
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsSiena Perry
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)NetProtocol Xpert
 
SSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkSSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkAl Imran, CISA
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsSachidananda Sahu
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
Address resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocolAddress resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocolasimnawaz54
 

What's hot (20)

ICMP
ICMP ICMP
ICMP
 
Packet sniffing
Packet sniffingPacket sniffing
Packet sniffing
 
Address resolution protocol
Address resolution protocolAddress resolution protocol
Address resolution protocol
 
Packet capture in network security
Packet capture in network securityPacket capture in network security
Packet capture in network security
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)
 
Dhcp Snooping
Dhcp SnoopingDhcp Snooping
Dhcp Snooping
 
Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4
 
Presentation on arp protocol
Presentation on arp protocolPresentation on arp protocol
Presentation on arp protocol
 
SSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkSSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wireshark
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance tools
 
Computer networks protocols
Computer networks protocolsComputer networks protocols
Computer networks protocols
 
5. icmp
5. icmp5. icmp
5. icmp
 
Arp
ArpArp
Arp
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocol
 
Ch07
Ch07Ch07
Ch07
 
Address resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocolAddress resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocol
 
ICMPV4
ICMPV4ICMPV4
ICMPV4
 
Wireshark ppt
Wireshark pptWireshark ppt
Wireshark ppt
 
Wireshark tcp
Wireshark tcpWireshark tcp
Wireshark tcp
 

Viewers also liked

SDN - OpenFlow protocol
SDN - OpenFlow protocolSDN - OpenFlow protocol
SDN - OpenFlow protocolUlf Marxen
 
Ch 02 --- sdn and openflow architecture
Ch 02 --- sdn and openflow architectureCh 02 --- sdn and openflow architecture
Ch 02 --- sdn and openflow architectureYoram Orzach
 
Ch 03 --- the OpenFlow protocols
Ch 03 --- the OpenFlow protocolsCh 03 --- the OpenFlow protocols
Ch 03 --- the OpenFlow protocolsYoram Orzach
 
Ch 04 --- sdn deployment models
Ch 04 --- sdn deployment modelsCh 04 --- sdn deployment models
Ch 04 --- sdn deployment modelsYoram Orzach
 
Ch 01 --- introduction to sdn-nfv
Ch 01 --- introduction to sdn-nfvCh 01 --- introduction to sdn-nfv
Ch 01 --- introduction to sdn-nfvYoram Orzach
 
Software defined networks and openflow protocol
Software defined networks and openflow protocolSoftware defined networks and openflow protocol
Software defined networks and openflow protocolMahesh Mohan
 
Ch 05 --- nfv basics
Ch 05 --- nfv basicsCh 05 --- nfv basics
Ch 05 --- nfv basicsYoram Orzach
 
Software Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal TechnologiesSoftware Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal TechnologiesOpen Networking Summits
 
Tools and Platforms for OpenFlow/SDN
Tools and Platforms for OpenFlow/SDNTools and Platforms for OpenFlow/SDN
Tools and Platforms for OpenFlow/SDNUmesh Krishnaswamy
 
Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Yoram Orzach
 
Introduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFVIntroduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFVKingston Smiler
 

Viewers also liked (13)

Open flow
Open flowOpen flow
Open flow
 
SDN - OpenFlow protocol
SDN - OpenFlow protocolSDN - OpenFlow protocol
SDN - OpenFlow protocol
 
Ch 02 --- sdn and openflow architecture
Ch 02 --- sdn and openflow architectureCh 02 --- sdn and openflow architecture
Ch 02 --- sdn and openflow architecture
 
Ch 03 --- the OpenFlow protocols
Ch 03 --- the OpenFlow protocolsCh 03 --- the OpenFlow protocols
Ch 03 --- the OpenFlow protocols
 
Ch 04 --- sdn deployment models
Ch 04 --- sdn deployment modelsCh 04 --- sdn deployment models
Ch 04 --- sdn deployment models
 
Ch 01 --- introduction to sdn-nfv
Ch 01 --- introduction to sdn-nfvCh 01 --- introduction to sdn-nfv
Ch 01 --- introduction to sdn-nfv
 
Software defined networks and openflow protocol
Software defined networks and openflow protocolSoftware defined networks and openflow protocol
Software defined networks and openflow protocol
 
Ch 05 --- nfv basics
Ch 05 --- nfv basicsCh 05 --- nfv basics
Ch 05 --- nfv basics
 
Software Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal TechnologiesSoftware Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal Technologies
 
Tools and Platforms for OpenFlow/SDN
Tools and Platforms for OpenFlow/SDNTools and Platforms for OpenFlow/SDN
Tools and Platforms for OpenFlow/SDN
 
Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
Introduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFVIntroduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFV
 

Similar to Securing ARP in Software Defined Networks

Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Editor IJARCET
 
Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Editor IJARCET
 
04 coms 525 tcpip - arp and rarp
04 coms 525 tcpip - arp and rarp04 coms 525 tcpip - arp and rarp
04 coms 525 tcpip - arp and rarpPalanivel Kuppusamy
 
MAC in the Address Resolution Protocol.pptx
MAC in the Address Resolution Protocol.pptxMAC in the Address Resolution Protocol.pptx
MAC in the Address Resolution Protocol.pptxmarunkumareee77
 
Communication networks_ARP
Communication networks_ARPCommunication networks_ARP
Communication networks_ARPGouravSalla
 
Os detection with arp
Os detection with arpOs detection with arp
Os detection with arpDavid Clark
 
Improved secure address resolution protocol
Improved secure address resolution protocolImproved secure address resolution protocol
Improved secure address resolution protocolcsandit
 
Unit 3:Enterprise Security
Unit 3:Enterprise SecurityUnit 3:Enterprise Security
Unit 3:Enterprise Securityprachi67
 
Networking with tcp ip Proficiency.pptx
Networking with tcp ip Proficiency.pptxNetworking with tcp ip Proficiency.pptx
Networking with tcp ip Proficiency.pptx0901CS201129TANAYMAN
 
Packet sniffing in LAN
Packet sniffing in LANPacket sniffing in LAN
Packet sniffing in LANArpit Suthar
 
AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND I...
AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND I...AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND I...
AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND I...IJNSA Journal
 
ARP Poisoning Attacks.ppt
ARP Poisoning Attacks.pptARP Poisoning Attacks.ppt
ARP Poisoning Attacks.pptYOUNESSKARAMI
 
Web technology and commerce unit 1
Web technology and commerce unit 1Web technology and commerce unit 1
Web technology and commerce unit 1arun0501
 
84486335 address-resolution-protocol-case-study
84486335 address-resolution-protocol-case-study84486335 address-resolution-protocol-case-study
84486335 address-resolution-protocol-case-studyhomeworkping3
 

Similar to Securing ARP in Software Defined Networks (20)

Networking.pdf
Networking.pdfNetworking.pdf
Networking.pdf
 
Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097
 
Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097
 
04 coms 525 tcpip - arp and rarp
04 coms 525 tcpip - arp and rarp04 coms 525 tcpip - arp and rarp
04 coms 525 tcpip - arp and rarp
 
MAC in the Address Resolution Protocol.pptx
MAC in the Address Resolution Protocol.pptxMAC in the Address Resolution Protocol.pptx
MAC in the Address Resolution Protocol.pptx
 
Communication networks_ARP
Communication networks_ARPCommunication networks_ARP
Communication networks_ARP
 
Packet sniffingin switch lans
Packet sniffingin switch lansPacket sniffingin switch lans
Packet sniffingin switch lans
 
ARP Spoofing.pptx
ARP Spoofing.pptxARP Spoofing.pptx
ARP Spoofing.pptx
 
Os detection with arp
Os detection with arpOs detection with arp
Os detection with arp
 
Improved secure address resolution protocol
Improved secure address resolution protocolImproved secure address resolution protocol
Improved secure address resolution protocol
 
Unit 3:Enterprise Security
Unit 3:Enterprise SecurityUnit 3:Enterprise Security
Unit 3:Enterprise Security
 
Networking with tcp ip Proficiency.pptx
Networking with tcp ip Proficiency.pptxNetworking with tcp ip Proficiency.pptx
Networking with tcp ip Proficiency.pptx
 
ARP
ARPARP
ARP
 
Packet sniffing in LAN
Packet sniffing in LANPacket sniffing in LAN
Packet sniffing in LAN
 
ARP.ppt
ARP.pptARP.ppt
ARP.ppt
 
AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND I...
AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND I...AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND I...
AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND I...
 
6005679.ppt
6005679.ppt6005679.ppt
6005679.ppt
 
ARP Poisoning Attacks.ppt
ARP Poisoning Attacks.pptARP Poisoning Attacks.ppt
ARP Poisoning Attacks.ppt
 
Web technology and commerce unit 1
Web technology and commerce unit 1Web technology and commerce unit 1
Web technology and commerce unit 1
 
84486335 address-resolution-protocol-case-study
84486335 address-resolution-protocol-case-study84486335 address-resolution-protocol-case-study
84486335 address-resolution-protocol-case-study
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Securing ARP in Software Defined Networks

  • 1. Securing ARP in Software Defined Networks Talal Alharbi, Dario Durando, Farzaneh Pakzad and Marius Portmann School of ITEE The University of Queensland, Australia Solution: ARP_NAT Both ARP and NDP are vulnerable to spoofing or poisoning attacks, where an attacker can create false entries in a host’s ARP cache in IPv4 or Neighbour Cache in the case of IPv6 by simply injecting an ARP Request or Reply message with a false SPA field. h1 has been compromised and wants to poison host h2’s ARP cache and intercepts the communication between h2 and h3. Attack steps 1) Host h1 injects an ARP Request/Reply message with the SPA field set to IP address of h3, and the SHA field set to its own MAC address 2) Switch S1 receives the ARP packet, and sends to the controller, which instructs S1 to flood the packet. 3) Host h2 updates its ARP cache and adds an entry mapping the IP address 10.0.0.3 to the MAC address 00:00:00:00:00:01. Idea: “Sanitise” the ARP request by overwriting the potentially poisoned SPA and SHA fields with safe dummy values. OpenFlow Rules: 1. Overwritten ARP request is forwarded directly to target 2. Unseen ARP request is forwarded to the controller 3. Send all ARP reply messages to the controller 4. Drop ARP reply message if the target address is not the safe values. SDN A new approach to manage computer networks, where the control plane is separated from the data plane. Address Resolution Protocol (ARP) is an essential function in IPv4 networks to find the MAC address for a given IP address. Neighbour Discovery Protocol(NDP) is equivalent to ARP and used in IPv6 networks. ARP Payload is encapsulated in an Ethernet frame and includes: • SHA = The MAC address of the sender. • SPA = The IP address of the sender. • THA = The MAC address of the target. • TPA = The IP address of the target. Overhead: ARP_NAT significantly reduces controller CPU load (78.26%) and RTT (32%). Topology Discovery Update ARP cache Port 1 Port 2 Port 3 Port 2 Port 3 Port 1 Port 1 Port 2 Port 3 h1 h3h2 ARP pkt SPA = 10.0.0.3 SHA = 00:00:00:00:00:01 TPA = 10.0.0.2 THA = 00:00:00:00:00:00 First Step Second Step Third Step SDN Controller: POX Packet Manipulation Tool: Scapy Implemented in POX controller using: • Regular ARP (l2_learning) • Proxy ARP (arp_responder) H2’s ARP cache Evaluation Attack Feasibility DemonstrationBackground Problem Attack Success Tools