The Open Networking Foundation defines SDN as “The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices”. What this means is that the decision making which would traditionally be performed by a router or a switch (i.e. forwarding decisions), is moved to a central device known as a controller. Routers and switches become generic forwarding devices (also known simply as ‘switches’). These forwarding devices, or switches, communicate with the controller at the Southbound Interface (SBI) in order to receive instructions on how to forward network traffic. Applications may communicate with the controller at the Northbound Interface (NBI) to receive network statistics or influence traffic forwarding decisions.
First download sdnpwn using git
Make the sdnpwn.py and setup.sh scripts executable
git clone https://github.com/smythtech/sdnpwn
The setup.sh script takes care installing software required for sdnpwn to function. Just run ./setup.sh and follow the instructions.
sudo chmod +x sdnpwn.py
sudo chmod +x setup.sh
Functionality in sdnpwn is divided into different modules. Each attack or attack type is available from a certain module.
Modules can be executed like so:
The mods module can be used to list all available modules:
./sdnpwn.py <module name> <module options>
More information about a certain module can be accessed using the info module:
The above command would retrieve more information about the mods module, such as a description and available options.
./sdnpwn.py info mods
Check out https://sdnpwn.net for articles and tutorials on using various sdnpwn modules and the attacks they use.