It is currently 18-12-2017 10:01

Attack Know Your Enemy allows you to get important information about the target infrastructure, SDN network

Attack Know Your Enemy allows you to get important information about the target infrastructure, SDN network

by sigismund » 2016-08-24 10:57:53


the Attacker can potentially connect to ports of the router to intercept traffic or to remember proekspluatirovat vulnerabilities in OS switch.


A group of Italian researchers has developed a new attack method that allows to obtain important information about the configuration of software-defined networking (Software-defined networking, SDN), including information on network behavior, and network virtualization, policies, and configuration tools of protection.

The main element of the concept of SDN is the Openflow Protocol that provides interaction between the controller and network devices. The controller is used to control the flow tables of switches on the basis of which the decision on the transfer of the received packet on a specific port on the switch.

Even a single flow table may provide important information or be used to attack strannim channels, the researchers said. For example, the attacker could potentially connect to the router ports used for remote debugging and remove the flow table, intercept traffic, remember proekspluatirovat vulnerabilities in an OS switch, or make a copy of the table of content of memory.

According to the researchers, the problem does not affect any particular device. The attack, dubbed " Know Your Enemy, exploiting the structural vulnerability of software-defined networks, which arises from the specifics of the control network flow. Because SDN is designed to interact with the network by sending flow rules in switches, the attacker must determine the conditions under which the controller sends the rule to the device and find out which policy to trigger a specific rule.
According to experts, the architects SDN networks need to implement the technology of obfuscation of threads to prevent the operation of the SDN answers with the aim of gain access to important information.

"If the offender will not be able to determine which network flow leads to the installation of any specific rules, attack Know Your Enemy will be useless," - said the researchers.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5