https://github.com/argirisaitos/sdn-arp-firewall

An SDN-based ARP Firewall using Ryu and Mininet to prevent ARP spoofing attacks. Implements OpenFlow rules to block malicious ARP packets
https://github.com/argirisaitos/sdn-arp-firewall

mininet-topology python3 ryu-controller sdn-network

Last synced: 5 months ago
JSON representation

An SDN-based ARP Firewall using Ryu and Mininet to prevent ARP spoofing attacks. Implements OpenFlow rules to block malicious ARP packets

• Host: GitHub
• URL: https://github.com/argirisaitos/sdn-arp-firewall
• Owner: ArgirisAitos
• Created: 2025-02-03T16:54:50.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-02-04T16:44:13.000Z (about 1 year ago)
• Last Synced: 2025-10-05T19:55:07.745Z (5 months ago)
• Topics: mininet-topology, python3, ryu-controller, sdn-network
• Language: Python
• Homepage:
• Size: 26.4 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# SDN-ARP-Firewall

# Description 

This project implements a Software-Defined Networking (SDN) solution to detect and prevent ARP Spoofing attacks. Using the Ryu controller and Mininet, it monitors ARP traffic and maintains a predefined ARP table to validate MAC-IP mappings. If an inconsistency is detected, the controller logs a warning and blocks the malicious packets.

# Features:

- ARP request/reply monitoring in an SDN enviroment.

- Static ARP table to prevent spoofing attacks.

- Dynamic detection of unauthorized MAC-IP changes.

- OpenFlow-based packet forwarding.

 # Requirements 

 - Mininet

 - Ryu controller

# Network Topology

 The network consists of:

 - 4 hosts (h1,h2,h3,h4)

 - 1 OpenFlow switch (s1)

 - Ryu controller managing the firewall rules.

![miniedit](https://github.com/user-attachments/assets/45d6f274-2c6c-4b2c-92a1-abeed99c72dc)

# Setup Instructions 

1. **Clone this repository**

```bash 

git clone https://github.com/ArgirisAitos/SDN-ARP-Firewall

```

2. **Install Dependecies**

 ```bash

  pip install ryu 

  ```

  ```bash

  sudo pip3 install mininet 

  

  ```

  3. **Start Mininet with the Custom Topology**

  ```bash

  sudo python topology.py 

  

  ```

4. **Run the Ryu Controller**

  ```bash 

  ryu-manager FirewallARP.py

  ```

  5. **Test ARP Spoofing Prevention**

      

      **ARP Spoofing Attempt**

   Try to send a fake ARP reply from h1 pretending to have the IP of h3 using the following command:

      

```bash

mininet> h1 arpspoof -i h1-eth0 -t 10.0.0.2 10.0.0.3

```

The controller **logs a warning and blocks the attack**.

![Στιγμιότυπο οθόνης 2025-02-04 181045](https://github.com/user-attachments/assets/6cb024ba-4ba7-4368-9139-00c405eb57e5)