Ns3 Projects for B.E/B.Tech M.E/M.Tech PhD Scholars.  Phone-Number:9790238391   E-mail: ns3simulation@gmail.com

How to Implement ICMP redirect attack in ns3

Implementing ICMP redirect attack in ns3 requires to simulate a scenario where ICMP redirect messages are sent to the victim by an attacker to alter its routing table. This type of attack can be utilized to redirect traffic through a malicious node. Here are the steps to implement this in ns3.

Steps for implementation

  1. Set up your ns3 :
  • Make sure that ns3 is installed in the computer. If not, install it.
  1. Create a new ns3 script :
  • In the scratch directory of ns3, create a new script.
  1. Include necessary libraries :
  • In your script, include the necessary libraries.
  1. Define network topology :
  • For your network topology, create multiple nodes and one attacker node.
  1. Implement the ICMP redirect logic :
  • Use raw sockets to send ICMP redirect messages from the attacker node.
  1. Enable packet capturing :
  • Enable pcap tracing to capture packets for analysis with Wireshark.
  1. Run the Simulation :
  • Define the simulation parameters and run it.

Here is the example to demonstrate the steps :

#include “ns3/core-module.h”

#include “ns3/network-module.h”

#include “ns3/internet-module.h”

#include “ns3/point-to-point-module.h”

#include “ns3/applications-module.h”

#include “ns3/ipv4-raw-socket-factory.h”

#include “ns3/icmpv4-header.h”

#include “ns3/ipv4-l3-protocol.h”

using namespace ns3;

NS_LOG_COMPONENT_DEFINE (“IcmpRedirectAttack”);

void SendIcmpRedirect (Ptr<Node> attackerNode, Ipv4Address source, Ipv4Address destination, Ipv4Address newGateway)

{

Ptr<Socket> socket = Socket::CreateSocket (attackerNode, Ipv4RawSocketFactory::GetTypeId ());

socket->SetAttribute (“Protocol”, UintegerValue (1)); // ICMP protocol number

Ptr<Packet> packet = Create<Packet> (); // Create an empty packet

// Create and add ICMP redirect header

Icmpv4Redirect icmpRedirect;

icmpRedirect.SetGatewayAddress (newGateway);

// Add the original IP header that triggered the redirect

Ipv4Header ipHeader;

ipHeader.SetSource (source);

ipHeader.SetDestination (destination);

ipHeader.SetProtocol (1); // ICMP

ipHeader.SetPayloadSize (100);

packet->AddHeader (ipHeader);

packet->AddHeader (icmpRedirect);

// Send the packet

socket->SendTo (packet, 0, InetSocketAddress (destination, 0));

}

int main (int argc, char *argv[])

{

// Set up logging

LogComponentEnable (“IcmpRedirectAttack”, LOG_LEVEL_INFO);

// Create nodes

NodeContainer nodes;

nodes.Create (3); // Two legitimate nodes and one attacker node

// Create point-to-point links

PointToPointHelper pointToPoint;

pointToPoint.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));

pointToPoint.SetChannelAttribute (“Delay”, StringValue (“2ms”));

NetDeviceContainer devices;

devices = pointToPoint.Install (nodes.Get (0), nodes.Get (1));

devices.Add (pointToPoint.Install (nodes.Get (1), nodes.Get (2))); // Attacker connected to one of the nodes

// Install the internet stack

InternetStackHelper stack;

stack.Install (nodes);

// Assign IP addresses

Ipv4AddressHelper address;

address.SetBase (“10.1.1.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces = address.Assign (devices);

// Install applications on legitimate nodes

uint16_t port = 9; // Discard port (RFC 863)

// Server application

UdpEchoServerHelper echoServer (port);

ApplicationContainer serverApps = echoServer.Install (nodes.Get (1));

serverApps.Start (Seconds (1.0));

serverApps.Stop (Seconds (10.0));

// Client application

UdpEchoClientHelper echoClient (interfaces.GetAddress (1), port);

echoClient.SetAttribute (“MaxPackets”, UintegerValue (100));

echoClient.SetAttribute (“Interval”, TimeValue (Seconds (0.1)));

echoClient.SetAttribute (“PacketSize”, UintegerValue (1024));

ApplicationContainer clientApps = echoClient.Install (nodes.Get (0));

clientApps.Start (Seconds (2.0));

clientApps.Stop (Seconds (10.0));

// Enable packet capture

pointToPoint.EnablePcapAll (“icmp_redirect_attack”);

// Schedule ICMP redirect attack

Simulator::Schedule (Seconds (3.0), &SendIcmpRedirect, nodes.Get (2), interfaces.GetAddress (0), interfaces.GetAddress (1), interfaces.GetAddress (2));

// Run simulation

Simulator::Run ();

Simulator::Destroy ();

return 0;

}

Explanation

  1. Nodes and links :

Three nodes are created : two legitimate nodes and one attacker node. Point-to-point links between nodes are configured.

  1. Applications :

On one of the legitimate nodes, a UDP echo server is installed and on another legitimate node, a UDP echo client is installed to generate traffic.

  1. ICMP Redirect Logic :

To create and send ICMP Redirect messages using raw sockets, a SendIcmpRedirect function is implemented, to send a redirect message from the attacker node to the victim node, the ICMP redirect attack was scheduled.

  1. Packet Capture :

To capture the traffic for analysis with Wireshark, pcap tracing on all nodes is enabled.

  1. Running the Simulation :

The simulation runs, with the attacker node sending ICMP Redirect messages to the victim node, and the traffic is captured in pcap files.

Overall, we had successfully implemented an ICMP redirect attack in ns3 by sending ICMP redirect messages to the victim by an attacker. Also, we provide more related project details on ICMP redirect attack. ICMP redirect attack in ns3 simulation are executed by us tailored to your projects.