SkillAgentSearch skills...

Sdfw

A Distributed and Software-Defined Firewall based on OpenFlow

GenerateConvertImprove

Install / Use

/learn @salvadorestran/Sdfw
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

sdfw

A Distributed and Software-Defined Firewall based on OpenFlow

This repository aims to implement a Proof of Concept (PoC) that shows how to prevent the propagation of malware into corporate networks, by means of Software-Defined Networking based on OpenFlow.

Abstract

As you will surely know, many of the last ransomware attacks, such as Wannacry and others, spread leveraging a vulnerability in SMB protocol, which can let an intruder inject shellcode into vulnerable Windows systems using the EternalBlue exploit.

The malware code is capable of searching vulnerable machines by their IP address in the LAN and attempting exploitation via SMB port 445.

This way, the traditional approach to protect the machines in a corporate LAN consists of installing the proper operating system patches and updating the antivirus software in order to close any vulnerable TCP or UDP port.

In this PoC it will be demonstrated how easy and efficient is to employ another approach based on the installation of a Firewall on every and each of the switches in the corporate LAN.

The PoC is based on the following key components:

  1. OpenFlow 1.3 compliant switches, which will be supplied by Open vSwitch.

  2. FAUCET, an OpenFlow controller for multi table OpenFlow 1.3 switches, that implements layer 2 switching, VLANs, ACLs, and layer 3 IPv4 and IPv6 routing.

  3. Mininet, a tool that creates a virtual network over Linux, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds.

Table of Contents:

Requirements

  • Any machine with x86 type processor (Intel/AMD/etc.) and Virtualization Technology enabled.
  • At least 2GB RAM and 20GB of free Hard Disk space.
  • Any Debian Linux installed such as Ubuntu 20.04 LTS or higher.
  • Mininet installed into a VM (recommended).
  • FAUCET SDN controller installed in the same machine where Mininet is deployed.

Installation

See INSTALL.md for installation instructions and details.

Scenarios

See SCENARIOS.md for simulation options and running instructions.

Use cases

See USE_CASES.md for firewall set-up and test instructions.

Related Skills

node-connect

350.8k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

frontend-design

110.4k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

openai-whisper-api

350.8k

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

qqbot-media

350.8k

QQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。

salvadorestran

View profile

View on GitHub
GitHub Stars7
CategoryDevelopment
Updated2y ago
Forks1
salvadorestran/sdfw

Languages

JavaScript

Security Score

75/100

Audited on Mar 2, 2024

No findings