0

I'm running mininet with a Tree Topology with 64 hosts (depth=2, fanout=4).I've used the L3_learning.py module of pox(version:eel) for my controller(I've just added some functions to this module, the code,itself is unchanged,so the l3_learning is used for routing).

I want to try running normal and ddos attack traffic on this network. The problem is that when i run normal traffic on a small number of hosts(less than 15 hosts), for example with interval 0.1 sec.( 10 packets per second), and some 3-victim attacks from 3 or 4 different sources, with interval 0.05 sec(20 packets per second) for a short time (just about 3-4 minutes!!),in the pox log i get this error:

ERROR:openflow.of_01:[00-00-00-00-00-01 1] OpenFlow Error:
[00-00-00-00-00-01 1] Error: header:
[00-00-00-00-00-01 1] Error: version: 1
[00-00-00-00-00-01 1] Error: type: 1 (OFPT_ERROR)
[00-00-00-00-00-01 1] Error: length: 76
[00-00-00-00-00-01 1] Error: xid: 11304
[00-00-00-00-00-01 1] Error: type: OFPET_BAD_REQUEST (1)
[00-00-00-00-00-01 1] Error: code: OFPBRC_BUFFER_UNKNOWN (8)
[00-00-00-00-00-01 1] Error: datalen: 64
[00-00-00-00-00-01 1] Error: 0000: 01 0e 00 60 00 00 2c 27  00 00 00 00 00 04 da 53 |...;............|
 .
 .
 .
 .

The rates i have used for traffics(10 packets/s, 20 packets/s) are very low, what is the cause of this error? Is there any packet rate limitation in mininet? Or is the problem related to using the l3_learning.py module of pox for the routing? I don't know how sholud i write my own routing solution!

And also one warning message is displayed through the simulation:

WARNING:forwarding.l3_learning: 5 4 not sending packet for 10.0.0.28 back out of the inport port
WARNING:forwarding.l3_learning: 2 7 not sending packet for 10.0.0.7 back out of the inport port
.
.
.

what does this message mean?

the normal and attack traffic sources are generated with this code:

def source():
  not_valid =[10,127,254,255,1,2,169,172,192]          
  first = randrange(1,256)      

  while first in not_valid:        
    first = randrange(1,256)         

  ip = ".".join([str(first),str(randrange(1,256)),                    
       str(randrange(1,256)),str(randrange(1,256))])    
  return ip

the destinations for attack is entered by the user(among 64 hosts). and the following lines sends the attack packets:

for i in xrange(0,10000):         
 packets = Ether()/IP(dst=dstIP,src=source())/TCP (dport=1,sport=80)         


sendp( packets,iface=interface.rstrip(),inter=0.05)

Thanks for your attention.

F. gh
  • 21
  • 5
  • Is the attack inbound or outbound? – SotirisTsartsaris Jan 09 '17 at 22:38
  • I’m not sure about the meaning of inbound/outbound attack. But I think it is inbound, because the purpose is making the sdn controller unavailable by flooding a large volume of packets. But because i’m just testing my algorithm, i’ve chosen low packet rates for now, and it’s strange that this low rates, causes this error after just 3-4 minutes! Does this error mean that the controller is overloaded ? If it does, I think it must take a longer time. I edited my post and added the code that generates the attack traffic. thank you – F. gh Jan 10 '17 at 07:47
  • If i'm not right about the meaning of inbound attack, please tell me. thanks – F. gh Jan 10 '17 at 08:03
  • Using a host of the mininet network ie. h1, to flood with requests (inbound). Using an external host ie. your computer (outbound) – SotirisTsartsaris Jan 10 '17 at 08:24
  • I run the normal and attack scripts on hosts of the mininet network.(using xterm h1,..),but the sources are randomly generated in the scripts(as mentioned before) – F. gh Jan 10 '17 at 08:36
  • Ok. Remove this function that creates the packets and the flood and use from any host, even an external one something like this. http://0daysecurity.com/articles/hping3_examples.html – SotirisTsartsaris Jan 10 '17 at 09:02
  • I used the command : (hping3 -c 10000 -d 120 -S -p 1 –flood –rand-source 10.0.0. * ) in the xterm window of 4 different hosts, for a longer duration. This time there was no error ! But again when I used the python script on about 10 hosts, to generate normal traffic(with interval 0.1) alongside the attack generated with hping3 command, that error appeared again! I saw in a paper that this scripts were used for traffic generation with scapy. – F. gh Jan 10 '17 at 11:55
  • Could you please tell me why this scripts causes error?! If I want to avoid using the scripts, how sholud I generate normal traffic with desired packet rate? Is the hping3 command used for normal traffic as well ? – F. gh Jan 10 '17 at 11:56
  • Yes. Adjust the rate and you are ok. Also consider Iperf. – SotirisTsartsaris Jan 10 '17 at 12:21
  • I will do that. but could you please tell me why the scripts cause that error?! Scapy is a good packet generator and as i mentioned i've seen those scripts are successfully used in a project. i want to know how can i try them without error. many thanks for your help. – F. gh Jan 10 '17 at 16:29

0 Answers0