Ambusher: Exploring the Security of Distributed SDN Controllers through Protocol State Fuzzing

IEEE Transactions on Information Forensics and Security (2024)

Abstract
Distributed SDN (Software-Defined Networking) controllers have rapidly become an integral element of Wide Area Networks (WAN), particularly within SD-WAN, providing scalability and fault-tolerance for expansive network infrastructures. However, the architecture of these controllers introduces new potential attack surfaces that have thus far received inadequate attention. In response to these concerns, we introduce Ambusher, a testing tool designed to discover vulnerabilities within protocols used in distributed SDN controllers. Ambusher achieves this by leveraging protocol state fuzzing, which systematically finds attack scenarios based on an inferred state machine. Since learning states from a cluster is complicated, Ambusher proposes a novel methodology that extracts a single and relatively simple state machine, achieving efficient state-based fuzzing. Our evaluation of Ambusher, conducted on a real SD-WAN deployment spanning two campus networks and one enterprise network, illustrates its ability to uncover 6 potential vulnerabilities in the widely used distributed controller platform.
Key words
Software-Defined Networking (SDN), Software-Defined WAN (SD-WAN), Protocol State Fuzzing, Distributed Systems