Software-Defined Networking (SDN) decoupled architecture provides greater network visibility for network operators allowing effective resource management and enhances networks security. However, the SDN centralized architecture, the communication channels between planes and the limited resources can make SDN systems vulnerable against DoS/DDoS attacks. To have a better understanding of the attack dynamics and lead to future mitigation techniques, modeling DoS/DDoS attacks for SDN is necessary. The main goal of modeling is to provide i) better understanding about the attack effect, and consequently ii) more effective mitigation techniques. Specially when DDoS attacks costs oscillated between $25,000 and$249,000 for %58 of companies around the world in 2018 [1]. We propose a model for the low-rate (shrew) stealthy DDoS attacks, which exploit vulnerabilities in the TCP’s re-transmission time out mechanism (RTO). We found that these attacks are able to target the southbound TCP channel, used by OpenFlow and P4 protocol, in SDN.