cover of episode Gregory Pickett - Abusing Software Defined Networks

Gregory Pickett - Abusing Software Defined Networks

2014/12/13
logo of podcast DEF CON 22 [Materials] Speeches from the Hacker Convention.

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Frequently requested episodes will be transcribed first

Shownotes Transcript

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Pickett/DEFCON-22-Gregory-Pickett-Abusing-Software-Defined-Networks-UPDATED.pdf

Abusing Software Defined Networks Gregory Pickett CYBERSECURITY OPERATIONS, HELLFIRE SECURITY Software Defined Networking (SDN) transfers all forwarding decisions to a single controller and provides the network with the same degree of control and flexibility as the cloud. And with all the major vendors onboard, it will soon be supporting networks everywhere. But current implementations are full of weaknesses that could easily turn this utopian dream of the future into a nightmare and leave networks world-wide exposed.

With clear-text wire protocol implementations, little support for switch TLS, no authentication for nodes, poorly conceived rate-limiting features in the controllers, controller APIs that don’t require authentication , and back-door netconf access, the leading platforms Floodlight and OpenDaylight, are ripe for attack.

And in this session, using a new toolkit that I developed, I’ll demonstrate by showing you how to locate and identify these controllers, impersonate switches to DoS them, and engage their wide-open APIs and backdoors to map the network, locate targets, and control access to the network … even hide from sensors. But all is not lost, because I’ll show how to protect them too. Because dream or nightmare, SDN can make a difference in the real world if we just protect it right.

Gregory Pickett CISSP, GCIA, GPEN has a background in intrusion analysis for Fortune 100 companies but now heads up Hellfire Security’s Managed Security Services efforts and participates in their assessment practice as a network security subject matter expert. As a security professional, his primary area of focus and occasional research is networks with an interest in using network traffic to better understand, to better defend, and sometimes to better exploit the hosts that live on them. He holds a B.S. in Psychology which is completely unrelated but interesting to know. While it does nothing to contribute to how he makes a living, it does demonstrate how screwed up he actually is.

site: www.hellfiresecurity.com projects: sourceforge.net/users/shogun7273 twitter: @shogun7273