Switch OOB Management Library (soobml)
Version 2 is coming!
Version 2 is thread-safe, supports multiple switches, is tested more thoroughly and has pylint and code coverage metrics. The requirements and design document is now available (July 14, 2009).
Version 1 documentation:
This project dynamically manages VLANs on Cisco switches through the serial port. It is useful when you assume that there are, or will be, bugs and vulnerabilities in the Cisco VLAN code (or when the risk of such bugs is too high to accept), so that it is not safe for the switch to be managed through an IP address. This is a safe bet, as there have been VLAN-related vulnerabilities. We want true Out-Of-Band management, in which management traffic is not mixed with operational traffic. This lowers the chance that malicious traffic can reconfigure the switch. For this purpose, there is no alternative to using the serial port. This relates closely to the security principle of using different channels to communicate code (or commands) and data. The "management port" of Cisco switches is nothing more than an emergency recovery port: it is active only while the switch is booting, in ROMmon mode, and so can't be used for our purpose. We use the SOOBML to dynamically create and destroy VLANs to contain security experiments, within the Purdue University CERIAS ReAssure project.
Installation and Usage:
The library requires the Python serial extension. The source code for the SOOBML library can be downloaded here. The library itself is named "SwitchManager.py"; a test script, "status_tester.py", is also available. The test script calls all the functions in the library. Before you can use the library, you will need to set the values of some constants depending on the switch you are using. The documents describe the installation (changing constants) and the usage of the library, and provide information about each of the functions. The test script can be run using the following command:
python status_tester.py
The script will prompt you for the switch password. If there are any errors reported, make sure you entered the correct password, and that the constants have the correct values.
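The serial console is a privileged command channel, so any VLAN number or name that reaches it should be validated first. The following is an added example, not SOOBML's own code: the function names, the name policy and the use of IOS config-mode `vlan` commands are assumptions made for illustration.

```python
import re

# Assumption: VLAN 1 and 1002-1005 are the switch's built-in defaults and must
# never be created or destroyed by automation.
RESERVED = {1} | set(range(1002, 1006))
# Conservative name policy (assumption): short, no whitespace or control
# characters, so a name can never smuggle a second console command via CR/LF.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def check_vlan_id(vlan_id):
    """Return vlan_id unchanged, or raise ValueError if it is unsafe to use."""
    if isinstance(vlan_id, bool) or not isinstance(vlan_id, int):
        raise ValueError("VLAN id must be an integer")
    if not 2 <= vlan_id <= 4094 or vlan_id in RESERVED:
        raise ValueError("VLAN id %d is out of range or reserved" % vlan_id)
    return vlan_id


def create_vlan_lines(vlan_id, name):
    """IOS config-mode lines that create one named VLAN."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("VLAN name rejected: %r" % name)
    return ["configure terminal", "vlan %d" % check_vlan_id(vlan_id),
            "name %s" % name, "end"]


def destroy_vlan_lines(vlan_id):
    """IOS config-mode lines that remove one VLAN."""
    return ["configure terminal", "no vlan %d" % check_vlan_id(vlan_id), "end"]


def send_lines(port, lines):
    """Write each line, CR-terminated, to an object with a write(bytes) method.

    With the Python serial extension installed, `port` would be a
    serial.Serial instance opened on the console cable; any file-like
    object works for testing.
    """
    sent = 0
    for line in lines:
        if "\r" in line or "\n" in line:
            raise ValueError("embedded line break in console command")
        sent += port.write(line.encode("ascii") + b"\r")
    return sent
```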
Developed By: Mayank Ramkishore Gupta, Patrick Perrone and Pascal Meunier
Purdue University CERIAS