Haven't tested the arp code yet (gotta add the action code from the other issue first). I'll build off of what you suggested in the other email and try and wrap it all together.
As a complete aside, my goal is to build an openflow switch that can do transparent redirect of attack traffic either to a honeypot or to an alternate port that has additional options for monitoring and response (more thorough IPS, more restrictive ACLs, etc, etc). White listed traffic would go through the main port and avoid these tools. This allows confidence that critical traffic will get through unhindered while still allowing deployment of advanced (and fallible) security measures. Unfortunately I'm much more of a security guy than I am a programmer =P. Gabe ________________________________________ From: Aaron Rosen [aro...@clemson.edu] Sent: Tuesday, February 28, 2012 4:29 PM To: Gabe Bassett Cc: nox-dev@noxrepo.org Subject: Re: [nox-dev] Best way to create ARP request Looks good at first glance. Is it not working or something? Aaron On Tue, Feb 28, 2012 at 5:20 PM, Gabe Bassett <g...@theengineer.org> wrote: > Does this look about right? > > HONEYPOT_PORT = 5 > HONEYPOT_IP = "10.0.0.5" > ARP_SOURCE_MAC = "00:00:00:00:00:10" > ARP_DESTINATION_MAC = "FF:FF:FF:FF:FF:FF" > ARP_PROBE_IP = "0.0.0.0" > > arp_packet = arp() > # how do you reference the IP address of > switch/controller/fake/anything? > # setting it to a fake MAC. as long as it comes back to the > SW it should be fine. > arp_packet.hwtype = arp.HW_TYPE_ETHERNET > arp_packet.prototype = arp.PROTO_TYPE_IP > arp_packet.hwsrc = octstr_to_array(ARP_SOURCE_MAC) > arp_packet.hwdst = octstr_to_array(ARP_DESTINATION_MAC) > arp_packet.hwlen = 6 > arp_packet.opcode = arp.REQUEST > arp_packet.protolen = 4 > arp_packet.protosrc = ipstr_to_int(ARP_PROBE_IP) > arp_packet.protodst = ipstr_to_int(HONEPOT_IP) > > > # Create the ethernet packet, fill in the info and set as > payload the arp > eth_pkt = ethernet() > eth_pkt.set_payload(arp_packet) > eth_pkt.type = ethernet.ARP_TYPE > eth_pkt.src = octstr_to_array(ARP_SOURCE_MAC) > eth_pkt.dst = octstr_to_array(ARP_DESTINATION_MAC) > logger.debug("arp pkt %s" % str(eth_pkt)) > > > # generate arp request for IP of honeypot on honeypot port > self.send_openflow_packet( dpid, eth_pkt.tostring(), > HONEPOT_PORT) > > ________________________________________ > From: Aaron Rosen [aro...@clemson.edu] > Sent: Tuesday, February 28, 2012 12:41 PM > To: Gabe Bassett > Cc: nox-dev@noxrepo.org > Subject: Re: [nox-dev] Best way to create ARP request > > Probably check this out: > http://noxrepo.org/pipermail/nox-dev/2011-February/007223.html > > Aaron > > On Tue, Feb 28, 2012 at 12:56 PM, Gabe Bassett <g...@theengineer.org> wrote: >> What is the best way to do a quick ARP request? I'm writting a form of a >> switch, but it may need to do an arp request to find a single IP. I'm >> hoping theres a simple function I can call to do the request. The normal >> switch functionality should add the reply to the switch arp cache. >> >> Thanks for the help. >> >> Gabe >> >> _______________________________________________ >> nox-dev mailing list >> nox-dev@noxrepo.org >> http://noxrepo.org/mailman/listinfo/nox-dev >> > > > > -- > Aaron O. Rosen > Masters Student - Network Communication > 306B Fluor Daniel > _______________________________________________ > nox-dev mailing list > nox-dev@noxrepo.org > http://noxrepo.org/mailman/listinfo/nox-dev -- Aaron O. Rosen Masters Student - Network Communication 306B Fluor Daniel _______________________________________________ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev