Ns3 Projects for B.E/B.Tech M.E/M.Tech PhD Scholars.  Phone-Number:9790238391   E-mail: ns3simulation@gmail.com

How to implement fragmentation attack in ns3

To implement fragmentation attack in ns3, it implicates by transferring a series of IP fragments that when reconstructed, go beyond the maximum tolerable packet size or implicates overlapping fragments that can explore vulnerabilities in the reassembly process. We need to execute this situation in ns3 environment then only we can send the fragmented packets to victim node.

Here are the few steps to implement the fragmentation attacks in ns3 tools:

Steps to Implement a Fragmentation Attack in ns3

  1. Set Up ns3 Environment:
    • Make sure ns3 is installed in the computer.
  2. Create a New ns3 Script:
    • Create a new script file in the scratch directory of ns3, e.g., fragmentation_attack.cc.
  3. Include Necessary Headers:
    • Implicate all the required ns3 headers in the script.
  4. Define Network Topology:
    • Set up a network topology with multiple legitimate nodes and an attacker node.
  5. Implement Fragmentation Attack Logic:
    • To send fragmented IP packets to the victim node by use of attacker node.
  6. Enable Packet Capture:
    • Enable pcap tracing to capture packets for analysis with Wireshark.
  7. Run the Simulation:
    • Set the simulation time and run the simulation using Simulator::Run() and Simulator::Destroy().

Example Code:

At this direction, we can see the sample steps to complete the fragmentation attack in ns3:

#include “ns3/core-module.h”

#include “ns3/network-module.h”

#include “ns3/internet-module.h”

#include “ns3/point-to-point-module.h”

#include “ns3/applications-module.h”

#include “ns3/ipv4-header.h”

using namespace ns3;

NS_LOG_COMPONENT_DEFINE (“FragmentationAttack”);

void SendFragmentedPacket (Ptr<Node> attackerNode, Ipv4Address victimAddress, uint16_t port, uint32_t packetSize)

{

Ptr<Socket> socket = Socket::CreateSocket (attackerNode, TypeId::LookupByName (“ns3::UdpSocketFactory”));

InetSocketAddress remote = InetSocketAddress (victimAddress, port);

socket->Connect (remote);

uint32_t fragmentSize = 512; // Size of each fragment

uint32_t numFragments = packetSize / fragmentSize;

if (packetSize % fragmentSize != 0)

{

numFragments++;

}

for (uint32_t i = 0; i < numFragments; ++i)

{

uint32_t size = (i == numFragments – 1) ? packetSize % fragmentSize : fragmentSize;

Ptr<Packet> fragment = Create<Packet> (size)

Ipv4Header ipv4Header;

ipv4Header.SetDestination (victimAddress);

ipv4Header.SetSource (attackerNode->GetObject<Ipv4> ()->GetAddress (1, 0).GetLocal ());

ipv4Header.SetProtocol (17); // UDP protocol number

ipv4Header.SetFragmentOffset (i * fragmentSize / 8); // Set fragment offset

ipv4Header.SetMoreFragments (i < numFragments – 1); // Set MF flag

fragment->AddHeader (ipv4Header);

socket->Send (fragment);

}

}

int main (int argc, char *argv[])

{

bool verbose = true;

uint32_t nNodes = 3; // Number of legitimate nodes

uint16_t port = 9; // Target port for the attack

uint32_t packetSize = 2048; // Size of the original packet

CommandLine cmd;

cmd.AddValue (“nNodes”, “Number of legitimate nodes”, nNodes);

cmd.AddValue (“port”, “Target port for the attack”, port);

cmd.AddValue (“packetSize”, “Size of the original packet”, packetSize);

cmd.Parse (argc, argv);

if (verbose)

{

LogComponentEnable (“FragmentationAttack”, LOG_LEVEL_INFO);

}

NodeContainer nodes;

nodes.Create (nNodes + 1); // +1 for the attacker node

Ptr<Node> attacker = nodes.Get (nNodes);

PointToPointHelper pointToPoint;

pointToPoint.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));

pointToPoint.SetChannelAttribute (“Delay”, StringValue (“2ms”));

NetDeviceContainer devices;

for (uint32_t i = 0; i < nodes.GetN () – 1; ++i)

{

devices.Add (pointToPoint.Install (nodes.Get (i), nodes.Get (i + 1)));

}

InternetStackHelper stack;

stack.Install (nodes);

Ipv4AddressHelper address;

address.SetBase (“10.1.1.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces = address.Assign (devices);

// Install applications on legitimate

Explanation:

To implement the fragmentation attack in ns3, we provide the overall description for the process that are given below

  1. Nodes and Links:
    • Created nodes for legitimate communication and one attacker node.
    • Configured point-to-point links between the nodes.
  2. Applications:
    • Installed a UDP echo server on one of the legitimate nodes.
    • Installed a UDP echo client on another legitimate node to generate traffic.
  3. Fragmentation Attack Logic:
    • Implemented a SendFragmentedPacket function to create and send fragmented packets from the attacker node to the victim node.
    • Scheduled the fragmentation attack to start at a specific time in the simulation.
  4. Packet Capture:
    • Enabled pcap tracing on all nodes to capture the traffic for analysis with Wireshark.
  5. Running the Simulation:
    • The simulation runs with the attacker node sending fragmented packets to the victim node, and the traffic is captured in pcap files.

At final, we are learned about how the fragmentation attacks will identify the attacks in reassembly process. We also offer interesting behaviour of fragmentation attacks by using the other simulation tools. We work on all areas of Fragmentation attack in ns3 simulation, get best results with us by merging with our experts.