BYR Achieve · 镜像论坛

突然之间，想把做过的代码贴出来。 ping欺骗，原理很简单，即无论你ping什么IP地址，我都可以给你回复这个地址存在，而实际上不存在，从而实现欺骗。推而广之，就可以进行许多基于IP欺骗的小把戏。首先，需要对ARP进行相应： # Copyright 2011,2012 James McCauley # # This file is part of POX. # # POX is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # POX is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with POX. If not, see <http://www.gnu.org/licenses/>. """ A stupid L3 switch For each switch: 1) Keep a table that maps IP addresses to MAC addresses and switch ports. Stock this table using information from ARP and IP packets. 2) When you see an ARP query, try to answer it using information in the table from step 1. If the info in the table is old, just flood the query. 3) Flood all other ARPs. 4) When you see an IP packet, if you know the destination port (because it's in the table from step 1), install a flow for it. """ from pox.core import core import pox log = core.getLogger() from pox.lib.packet.ethernet import ethernet, ETHER_BROADCAST from pox.lib.packet.ipv4 import ipv4 from pox.lib.packet.arp import arp from pox.lib.addresses import IPAddr, EthAddr from pox.lib.util import str_to_bool, dpidToStr from pox.lib.recoco import Timer from pox.lib.packet.icmp import icmp import pox.openflow.libopenflow_01 as of from pox.lib.revent import * import time class lie(): def cheat(self,event,dpid): inport = event.port packet = event.parsed a=packet.next print a.protodst if a.protodst == "10.10.1.0": print "pretend arp" r = arp() r.hwtype = a.hwtype r.prototype = a.prototype r.hwlen = a.hwlen r.protolen = a.protolen r.opcode = arp.REPLY r.hwdst = a.hwsrc r.protodst = a.protosrc r.protosrc = a.protodst r.hwsrc = EthAddr("BC:AE:C5:43:58:DC") e = ethernet(type=packet.type, src=r.hwsrc, dst=r.hwdst) e.set_payload(r) log.debug("%i %i answering ARP for %s" % (dpid, inport, str(r.protosrc))) msg = of.ofp_packet_out() msg.data = e.pack() msg.actions.append(of.ofp_action_output(port = of.OFPP_IN_PORT)) msg.in_port = inport event.connection.send(msg) return 这是自己写的一个基于Openflow协议下的小文件，语言用是Python。想必研究SDN的人这个就不用多说了。回复完 ARP之后，我们还需要回复ICMP包： # Copyright 2011,2012 James McCauley # # This file is part of POX. # # POX is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # POX is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with POX. If not, see <http://www.gnu.org/licenses/>. """ A stupid L3 switch For each switch: 1) Keep a table that maps IP addresses to MAC addresses and switch ports. Stock this table using information from ARP and IP packets. 2) When you see an ARP query, try to answer it using information in the table from step 1. If the info in the table is old, just flood the query. 3) Flood all other ARPs. 4) When you see an IP packet, if you know the destination port (because it's in the table from step 1), install a flow for it. """ from pox.core import core import pox log = core.getLogger() from pox.lib.packet.ethernet import ethernet, ETHER_BROADCAST from pox.lib.packet.ipv4 import ipv4 from pox.lib.packet.arp import arp from pox.lib.addresses import IPAddr, EthAddr from pox.lib.util import str_to_bool, dpidToStr from pox.lib.recoco import Timer from pox.lib.packet.icmp import icmp import pox.openflow.libopenflow_01 as of from pox.lib.revent import * import time class pretend(): def fake_1(self,event): inport = event.port packet = event.parsed # Try to forward dstaddr = packet.next.dstip #pretend to reply for a unknow ip print"packet in" #print isinstance(paceket.next.next,ARP) if isinstance(packet.next.next,icmp): #EXCHANGE the ip packet.next.dstip=packet.next.srcip packet.next.srcip=dstaddr #packet.next.port=packet.next.inport packet.next.next.type=0 #change the macaddress print "pretend icmp" tmp=packet.dst packet.dst=packet.src packet.src=tmp #send it msg = of.ofp_packet_out() msg.data = packet msg.actions.append(of.ofp_action_output(port = of.OFPP_IN_PORT)) msg.in_port = inport event.connection.send(msg) return 写完这两个文件之后，只需要在l2_learning里面调用就可以实现了，注意调用的位置应该在FLOOD，或者DROP函数里。即找不到IP时回复。当然写在最前面也是可以的，但是这样其他正常存在的IP就无法连接了。

【pox】SDN实现的PING欺骗