Haven't tested the arp code yet (gotta add the action code from the other issue
first). I'll build off of what you suggested in the other email and try and
wrap it all together.
As a complete aside, my goal is to build an openflow switch that can do
transparent redirect of attack traffic either to a honeypot or to an alternate
port that has additional options for monitoring and response (more thorough
IPS, more restrictive ACLs, etc, etc). White listed traffic would go through
the main port and avoid these tools. This allows confidence that critical
traffic will get through unhindered while still allowing deployment of advanced
(and fallible) security measures.
Unfortunately I'm much more of a security guy than I am a programmer =P.
Gabe
________________________________________
From: Aaron Rosen [aro...@clemson.edu]
Sent: Tuesday, February 28, 2012 4:29 PM
To: Gabe Bassett
Cc: nox-dev@noxrepo.org
Subject: Re: [nox-dev] Best way to create ARP request
Looks good at first glance. Is it not working or something?
Aaron
On Tue, Feb 28, 2012 at 5:20 PM, Gabe Bassett <g...@theengineer.org> wrote:
> Does this look about right?
>
> HONEYPOT_PORT = 5
> HONEYPOT_IP = "10.0.0.5"
> ARP_SOURCE_MAC = "00:00:00:00:00:10"
> ARP_DESTINATION_MAC = "FF:FF:FF:FF:FF:FF"
> ARP_PROBE_IP = "0.0.0.0"
>
> arp_packet = arp()
> # how do you reference the IP address of
> switch/controller/fake/anything?
> # setting it to a fake MAC. as long as it comes back to the
> SW it should be fine.
> arp_packet.hwtype = arp.HW_TYPE_ETHERNET
> arp_packet.prototype = arp.PROTO_TYPE_IP
> arp_packet.hwsrc = octstr_to_array(ARP_SOURCE_MAC)
> arp_packet.hwdst = octstr_to_array(ARP_DESTINATION_MAC)
> arp_packet.hwlen = 6
> arp_packet.opcode = arp.REQUEST
> arp_packet.protolen = 4
> arp_packet.protosrc = ipstr_to_int(ARP_PROBE_IP)
> arp_packet.protodst = ipstr_to_int(HONEPOT_IP)
>
>
> # Create the ethernet packet, fill in the info and set as
> payload the arp
> eth_pkt = ethernet()
> eth_pkt.set_payload(arp_packet)
> eth_pkt.type = ethernet.ARP_TYPE
> eth_pkt.src = octstr_to_array(ARP_SOURCE_MAC)
> eth_pkt.dst = octstr_to_array(ARP_DESTINATION_MAC)
> logger.debug("arp pkt %s" % str(eth_pkt))
>
>
> # generate arp request for IP of honeypot on honeypot port
> self.send_openflow_packet( dpid, eth_pkt.tostring(),
> HONEPOT_PORT)
>
> ________________________________________
> From: Aaron Rosen [aro...@clemson.edu]
> Sent: Tuesday, February 28, 2012 12:41 PM
> To: Gabe Bassett
> Cc: nox-dev@noxrepo.org
> Subject: Re: [nox-dev] Best way to create ARP request
>
> Probably check this out:
> http://noxrepo.org/pipermail/nox-dev/2011-February/007223.html
>
> Aaron
>
> On Tue, Feb 28, 2012 at 12:56 PM, Gabe Bassett <g...@theengineer.org> wrote:
>> What is the best way to do a quick ARP request? I'm writting a form of a
>> switch, but it may need to do an arp request to find a single IP. I'm
>> hoping theres a simple function I can call to do the request. The normal
>> switch functionality should add the reply to the switch arp cache.
>>
>> Thanks for the help.
>>
>> Gabe
>>
>> _______________________________________________
>> nox-dev mailing list
>> nox-dev@noxrepo.org
>> http://noxrepo.org/mailman/listinfo/nox-dev
>>
>
>
>
> --
> Aaron O. Rosen
> Masters Student - Network Communication
> 306B Fluor Daniel
> _______________________________________________
> nox-dev mailing list
> nox-dev@noxrepo.org
> http://noxrepo.org/mailman/listinfo/nox-dev
--
Aaron O. Rosen
Masters Student - Network Communication
306B Fluor Daniel
_______________________________________________
nox-dev mailing list
nox-dev@noxrepo.org
http://noxrepo.org/mailman/listinfo/nox-dev
