I have read in some publication that OpenFLow switch is able to keep track of the sequence number of each traffic flow to detect MAC spoofing attack. Upon reception of a frame, the algorithm calculates the gap G between the sequence number of the current frame and that of the last frame received from the same source address. If G = 0, the current frame is considered as a re-transmitted frame, while if G = 1 or G = 2, the current frame is considered the right one. But, if the gap between the current frame and previous frame is in between 3 and 4096, then it is considered an abnormal sequence number.
In my case, I use Ryu Controller and I would like to do the same work, where the switch sends the alert to the controller after the switch detects the gap. Thanks in advance Alshra'a
_______________________________________________ Ryu-devel mailing list Ryu-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ryu-devel
