Network Manipulation Using Network Scanning in SDN

Thangavel M., Pavithra V., Guru Roja R.
DOI: 10.4018/978-1-5225-7353-1.ch004

Abstract

Network scanning is the use of a computer network to collect information about target systems. It is performed both by attackers preparing an attack and by system administrators assessing and maintaining the security of their systems. Network scanning mainly identifies the TCP and UDP services running on the target, the operating system the target runs, and the security devices placed between the scanner and the targeted hosts. It covers both port scanning and vulnerability scanning. Network manipulation is an attempt by a user to modify a network or its structure, typically using online network tools to reach the target. Software-defined networking (SDN) is an umbrella term for several network technologies that aim to make the network as flexible as virtualized servers and storage. Key elements of an SDN implementation are functional separation, network virtualization, and programmatic configuration. This chapter explores network manipulation using network scanning in SDN.

Introduction

Software-defined networking is an umbrella term for several network technologies aimed at making the network as flexible as the virtualized servers and storage of modern data centres. SDN can also be defined as the separation of the control plane from the forwarding plane, with one control plane governing many forwarding devices. The aim of SDN is to let network administrators and engineers adapt quickly to changing business requirements. In an SDN, the administrator manages traffic from a central controller instead of configuring individual switches, and can deliver services wherever they are needed without regard to which server or hardware component they are attached to. The key technologies for implementing SDN are functional separation, network virtualization, and automation through programmability. The major advantages of SDN are that it is dynamic, manageable, cost-effective and adaptable, that it suits high-bandwidth applications, and that it decouples network control from forwarding.

An SDN application is a program designed to run in a software-defined environment. SDN applications can replace, or add functionality to, network hardware whose behaviour was previously fixed in firmware. SDN architectures take several forms; the following is the controller-based architecture. The first tier is the physical layer, consisting of the hardware devices and cabling. With an SDN controller, network control is separated from the hardware and handed to a software application. The controllers, which decide how traffic is forwarded through the devices, make up the second tier. The third tier consists of SDN applications that control network functions through the controller. Examples of SDN applications include programs for network virtualization, network monitoring, intrusion detection, load balancing and so on (Ali et al., 2015).

Attacks on software-defined networks have unfortunately become a reality, and an attacker can use several exploits to breach the network. Because the technology is still unfamiliar to most network engineers and there is little history of SDN attacks to learn from, many vulnerabilities remain unexamined. In traditional networking the control plane and data plane exist together on each device, whereas in SDN the two planes are separated: to gain flexibility, the control plane is placed on an SDN controller and the data plane on the physical or virtual switch. The two planes communicate over a southbound protocol, most commonly OpenFlow.
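The OpenFlow channel between controller and switch is where the separation of the two planes becomes visible on the wire. As an added example (not the chapter authors' code), the following Python parses a constructed capture of an OpenFlow 1.0 control channel the way a sniffer on the switch-controller link would, and then shows how an on-path attacker can rewrite a FLOW_MOD so that an ADD becomes a DELETE without the switch noticing. The message and field layouts follow the OpenFlow 1.0 specification; the capture bytes, the flow rule's values and the port numbers are constructed for this example. It illustrates the sniffing and man-in-the-middle items in the vulnerability list that follows.

```python
"""Read and tamper with an unencrypted OpenFlow 1.0 control channel.

Added example for this chapter, not the authors' code. CAPTURE is a
hand-constructed byte string standing in for what a sniffer sees on the
controller-switch TCP connection (port 6633 in OpenFlow 1.0) when the
channel is not protected by TLS.
"""
import struct

OFP_VERSION_1_0 = 0x01
OFP_HEADER = struct.Struct("!BBHI")        # version, type, length, xid
OFPT_FLOW_MOD = 14

# OpenFlow 1.0 message types relevant to reading how flows are programmed
OFPT_NAMES = {
    0: "HELLO", 1: "ERROR", 2: "ECHO_REQUEST", 3: "ECHO_REPLY",
    5: "FEATURES_REQUEST", 6: "FEATURES_REPLY", 10: "PACKET_IN",
    13: "PACKET_OUT", 14: "FLOW_MOD", 18: "BARRIER_REQUEST", 19: "BARRIER_REPLY",
}
OFPFC_NAMES = {0: "ADD", 1: "MODIFY", 2: "MODIFY_STRICT", 3: "DELETE", 4: "DELETE_STRICT"}

# ofp_flow_mod (1.0): header(8) + ofp_match(40) + cookie(8) + command(2)
# + idle_timeout(2) + hard_timeout(2) + priority(2) + buffer_id(4)
# + out_port(2) + flags(2), followed by the action list.
OFP_MATCH_LEN = 40
FLOW_MOD_TAIL = struct.Struct("!QHHHHIHH")
CMD_OFFSET = OFP_HEADER.size + OFP_MATCH_LEN + 8   # command field follows the cookie


def split_messages(stream: bytes):
    """Yield ((version, type, length, xid), body) for each message in a TCP byte stream."""
    off = 0
    while off + OFP_HEADER.size <= len(stream):
        version, mtype, length, xid = OFP_HEADER.unpack_from(stream, off)
        if length < OFP_HEADER.size or off + length > len(stream):
            raise ValueError(f"truncated or invalid OpenFlow message at offset {off}")
        yield (version, mtype, length, xid), stream[off + OFP_HEADER.size:off + length]
        off += length


def is_well_formed(stream: bytes) -> bool:
    """True if the whole stream splits cleanly into OpenFlow messages."""
    try:
        list(split_messages(stream))
        return True
    except ValueError:
        return False


def summarize(stream: bytes):
    """One line per message; FLOW_MOD lines also show the rule being programmed."""
    lines = []
    for (version, mtype, length, xid), body in split_messages(stream):
        name = OFPT_NAMES.get(mtype, f"type_{mtype}")
        line = f"v{version} {name} len={length} xid={xid}"
        if (version, mtype) == (OFP_VERSION_1_0, OFPT_FLOW_MOD) and len(body) >= OFP_MATCH_LEN + FLOW_MOD_TAIL.size:
            _cookie, cmd, idle, hard, prio, _buf, _out, _flags = FLOW_MOD_TAIL.unpack_from(body, OFP_MATCH_LEN)
            line += f" cmd={OFPFC_NAMES.get(cmd, cmd)} prio={prio} idle={idle} hard={hard}"
        lines.append(line)
    return lines


def tamper_flow_mod_command(stream: bytes, new_command: int) -> bytes:
    """On-path rewrite of every FLOW_MOD command field. Length and xid are left
    alone and plaintext OpenFlow carries no integrity check, so the switch
    accepts the altered message as if the controller had sent it."""
    out = bytearray(stream)
    off = 0
    for (version, mtype, length, _xid), _body in split_messages(stream):
        if (version, mtype) == (OFP_VERSION_1_0, OFPT_FLOW_MOD) and length >= CMD_OFFSET + 2:
            struct.pack_into("!H", out, off + CMD_OFFSET, new_command)
        off += length
    return bytes(out)


# --- constructed capture: HELLO, FEATURES_REQUEST, FLOW_MOD ADD, BARRIER_REQUEST ---
def _msg(mtype, xid, body=b""):
    return OFP_HEADER.pack(OFP_VERSION_1_0, mtype, OFP_HEADER.size + len(body), xid) + body

_output_to_port_2 = struct.pack("!HHHH", 0, 8, 2, 0)      # OFPAT_OUTPUT, len 8, port 2, max_len 0
_flow_mod_add = (b"\x00" * OFP_MATCH_LEN                  # match fields left zero for brevity
                 + FLOW_MOD_TAIL.pack(0, 0, 30, 0, 100, 0xFFFFFFFF, 0xFFFF, 0)   # ADD, idle 30, prio 100
                 + _output_to_port_2)
CAPTURE = _msg(0, 1) + _msg(5, 2) + _msg(OFPT_FLOW_MOD, 3, _flow_mod_add) + _msg(18, 4)

if __name__ == "__main__":
    print("\n".join(summarize(CAPTURE)))
    print("--- after on-path tampering (ADD -> DELETE) ---")
    print("\n".join(summarize(tamper_flow_mod_command(CAPTURE, 3))))
```

Run stand-alone, the script prints the four messages as seen on the wire, then the same stream after the ADD has been turned into a DELETE; nothing in the header changes, which is why enabling TLS on the control channel (so that the attacker can neither read nor silently modify messages) is the usual first countermeasure against both items.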

Possible vulnerabilities in software-defined networks include

  • Connecting to the passive listening ports that many SDN switches expose for debugging, in order to read out the flow tables.

  • Inferring flow-table contents from timing, for example the variation in round-trip time between the first packet of a new flow, which waits for the controller to install a rule, and later packets that match the installed rule.

  • Sniffing the traffic between controller and switches, which often has only limited protection.

  • Exploiting vulnerabilities in the switches and their operating systems to attack the network.

  • Errors in the underlying OpenFlow control protocol.

  • Using a malicious controller to send malicious instructions to the SDN devices.

  • Performing a man-in-the-middle attack to modify the instructions sent by the trusted controller to the devices.
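The round-trip-time item above is the one a scanner can exploit from an ordinary host, without any access to the control channel. As an added example (not the chapter authors' code), the Python below models a switch whose flow table is filled reactively by a controller, probes it the way a fingerprinting scanner would, and decides from the RTT variation whether the network is a reactive SDN; it also goes one step further than the text and estimates the rule idle timeout from the same side channel. The switch and controller latencies, the jitter and the flow keys are constructed for this example; the decision logic (compare the median first-packet RTT with the median later-packet RTT) is the part a practitioner would reuse against real measurements.

```python
"""Fingerprint a reactive SDN from round-trip time variation.

Added example for this chapter, not the authors' code. The network is a
toy model (constructed here) in which a flow-table miss costs an extra
controller round trip (PACKET_IN, FLOW_MOD) and a hit does not.
"""
from statistics import median


class ReactiveSwitchModel:
    """Constructed model of an OpenFlow switch programmed reactively."""

    def __init__(self, base_ms=0.4, controller_delay_ms=6.0, idle_timeout_s=10.0):
        self.base_ms = base_ms
        self.controller_delay_ms = controller_delay_ms
        self.idle_timeout_s = idle_timeout_s
        self.table = {}                      # flow key -> time of last matching packet

    def forward(self, flow, now_s):
        """Return the RTT in ms of one packet of `flow` sent at time now_s."""
        last = self.table.get(flow)
        self.table[flow] = now_s
        if last is None or now_s - last > self.idle_timeout_s:
            return self.base_ms + self.controller_delay_ms   # table miss: controller round trip
        return self.base_ms                                   # table hit: fast path


class StaticSwitchModel:
    """Constructed model of a conventional switch: every packet costs the same."""

    def __init__(self, base_ms=0.4):
        self.base_ms = base_ms

    def forward(self, flow, now_s):
        return self.base_ms


def jitter_ms(i):
    """Deterministic stand-in for measurement noise, 0.0 to 0.4 ms (constructed)."""
    return 0.1 * ((i * 7) % 5)


def probe(network, n_flows, gap_s=0.05):
    """For each of n_flows fresh flows (new source port) send two packets back to
    back and record (rtt of first packet, rtt of second packet) in ms."""
    samples, t = [], 0.0
    for i in range(n_flows):
        flow = ("10.0.0.9", "10.0.0.1", 40000 + i, 80)
        first = network.forward(flow, t) + jitter_ms(i)
        second = network.forward(flow, t + 0.001) + jitter_ms(i + 1)
        samples.append((first, second))
        t += gap_s
    return samples


def fingerprint(samples, ratio_threshold=2.0):
    """Medians rather than means so a few outliers do not decide the verdict."""
    first = median(s[0] for s in samples)
    later = median(s[1] for s in samples)
    ratio = first / later if later > 0 else float("inf")
    return {"first_ms": first, "later_ms": later, "ratio": ratio,
            "reactive_sdn": ratio > ratio_threshold}


def estimate_idle_timeout(network, gaps_s):
    """Return the smallest tested gap after which an installed flow misses the
    table again (the real idle timeout lies between it and the previous gap),
    or None if no gap makes a difference (not a reactive SDN)."""
    baseline = ("10.0.0.9", "10.0.0.1", 49999, 80)
    network.forward(baseline, 0.0)
    hit_ms = network.forward(baseline, 0.001)                 # cost of a known table hit
    t = 1.0
    for k, gap in enumerate(sorted(gaps_s)):
        flow = ("10.0.0.9", "10.0.0.1", 50000 + k, 80)       # fresh flow per trial
        network.forward(flow, t)
        if network.forward(flow, t + gap) > 2 * hit_ms:
            return gap
        t += gap + 1.0
    return None


if __name__ == "__main__":
    for name, net in (("reactive SDN", ReactiveSwitchModel()), ("conventional", StaticSwitchModel())):
        print(name, fingerprint(probe(net, 20)))
    print("idle timeout between", estimate_idle_timeout(ReactiveSwitchModel(), [1, 2, 5, 10, 15, 20, 30]), "s and the previous gap")
```

Two caveats for real use. A controller that installs rules proactively shows no first-packet penalty, so a negative result does not prove the absence of SDN; and once the attacker knows the idle timeout, sending one packet per flow just under that interval keeps rules alive and can be used to fill the switch's flow table, which is one reason the debugging and timing channels above matter beyond reconnaissance.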

Whenever an attack is made on a target, an action taken to counteract the threat or damage is called a countermeasure. Possible countermeasures for the attacks listed above are
