Implementing an ICMP redirect attack in ns3 requires simulating a scenario in which an attacker sends ICMP redirect messages to a victim to alter its routing table. This type of attack can be used to redirect traffic through a malicious node. Here are the steps to implement this in ns3.
Steps for implementation
- Set up ns3:
  - Make sure that ns3 is installed on the computer. If not, install it.
- Create a new ns3 script:
  - In the scratch directory of ns3, create a new script.
- Include necessary libraries:
  - In your script, include the necessary libraries.
- Define network topology:
  - For your network topology, create multiple nodes and one attacker node.
- Implement the ICMP redirect logic:
  - Use raw sockets to send ICMP redirect messages from the attacker node.
- Enable packet capturing:
  - Enable pcap tracing to capture packets for analysis with Wireshark.
- Run the simulation:
  - Define the simulation parameters and run it.
Here is an example that demonstrates the steps:
```cpp
#include "ns3/core-module.h"
#include "ns3/network-module.h"
#include "ns3/internet-module.h"
#include "ns3/point-to-point-module.h"
#include "ns3/applications-module.h"
#include "ns3/ipv4-raw-socket-factory.h"
#include "ns3/icmpv4.h"
#include "ns3/ipv4-l3-protocol.h"

using namespace ns3;

NS_LOG_COMPONENT_DEFINE ("IcmpRedirectAttack");

void SendIcmpRedirect (Ptr<Node> attackerNode, Ipv4Address source, Ipv4Address destination, Ipv4Address newGateway)
{
  Ptr<Socket> socket = Socket::CreateSocket (attackerNode, Ipv4RawSocketFactory::GetTypeId ());
  socket->SetAttribute ("Protocol", UintegerValue (1)); // ICMP protocol number

  // The original IP header that triggered the redirect, followed by
  // 8 zero bytes standing in for the start of the original datagram
  Ptr<Packet> original = Create<Packet> (8);
  Ipv4Header ipHeader;
  ipHeader.SetSource (source);
  ipHeader.SetDestination (destination);
  ipHeader.SetProtocol (17); // UDP, matching the echo traffic in this scenario
  ipHeader.SetPayloadSize (100);
  original->AddHeader (ipHeader);

  // Redirect body: 4-byte gateway address, then the original header and data
  uint8_t gateway[4];
  newGateway.Serialize (gateway);
  Ptr<Packet> packet = Create<Packet> (gateway, 4);
  packet->AddAtEnd (original);

  // Generic ICMP header: type 5 (redirect), code 1 (redirect for host), RFC 792
  Icmpv4Header icmpHeader;
  icmpHeader.SetType (5);
  icmpHeader.SetCode (1);
  icmpHeader.EnableChecksum ();
  packet->AddHeader (icmpHeader);

  // Send the packet; a redirect is addressed to the host that sent the original datagram
  NS_LOG_INFO ("Sending ICMP redirect to " << source << " naming gateway " << newGateway);
  socket->SendTo (packet, 0, InetSocketAddress (source, 0));
  socket->Close ();
}

int main (int argc, char *argv[])
{
  // Set up logging
  LogComponentEnable ("IcmpRedirectAttack", LOG_LEVEL_INFO);

  // Create nodes
  NodeContainer nodes;
  nodes.Create (3); // Two legitimate nodes and one attacker node

  // Create point-to-point links
  PointToPointHelper pointToPoint;
  pointToPoint.SetDeviceAttribute ("DataRate", StringValue ("5Mbps"));
  pointToPoint.SetChannelAttribute ("Delay", StringValue ("2ms"));
  NetDeviceContainer devices;
  devices = pointToPoint.Install (nodes.Get (0), nodes.Get (1));
  devices.Add (pointToPoint.Install (nodes.Get (1), nodes.Get (2))); // Attacker connected to one of the nodes

  // Install the internet stack
  InternetStackHelper stack;
  stack.Install (nodes);

  // Assign IP addresses
  // devices holds four interfaces: 0 = node 0, 1 and 2 = node 1 (one per link), 3 = attacker
  Ipv4AddressHelper address;
  address.SetBase ("10.1.1.0", "255.255.255.0");
  Ipv4InterfaceContainer interfaces = address.Assign (devices);

  // Install applications on legitimate nodes
  uint16_t port = 9; // Discard port (RFC 863)

  // Server application
  UdpEchoServerHelper echoServer (port);
  ApplicationContainer serverApps = echoServer.Install (nodes.Get (1));
  serverApps.Start (Seconds (1.0));
  serverApps.Stop (Seconds (10.0));

  // Client application
  UdpEchoClientHelper echoClient (interfaces.GetAddress (1), port);
  echoClient.SetAttribute ("MaxPackets", UintegerValue (100));
  echoClient.SetAttribute ("Interval", TimeValue (Seconds (0.1)));
  echoClient.SetAttribute ("PacketSize", UintegerValue (1024));
  ApplicationContainer clientApps = echoClient.Install (nodes.Get (0));
  clientApps.Start (Seconds (2.0));
  clientApps.Stop (Seconds (10.0));

  // Enable packet capture
  pointToPoint.EnablePcapAll ("icmp_redirect_attack");

  // Schedule ICMP redirect attack; the new gateway is the attacker's own address (index 3).
  // The stock ns-3 ICMPv4 layer only handles echo, destination-unreachable and
  // time-exceeded messages, so the redirect appears in the pcap but the
  // receiving node's routing table is not changed by it.
  Simulator::Schedule (Seconds (3.0), &SendIcmpRedirect, nodes.Get (2), interfaces.GetAddress (0), interfaces.GetAddress (1), interfaces.GetAddress (3));

  // Run simulation
  Simulator::Run ();
  Simulator::Destroy ();
  return 0;
}
```
Explanation
- Nodes and links:
  - Three nodes are created: two legitimate nodes and one attacker node. Point-to-point links between the nodes are configured.
- Applications:
  - A UDP echo server is installed on one of the legitimate nodes, and a UDP echo client is installed on the other legitimate node to generate traffic.
- ICMP redirect logic:
  - A SendIcmpRedirect function is implemented to create and send ICMP redirect messages using raw sockets. The attack is scheduled so that the attacker node sends a redirect message to the victim node.
- Packet capture:
  - Pcap tracing is enabled on all nodes to capture the traffic for analysis with Wireshark.
- Running the simulation:
  - The simulation runs, with the attacker node sending ICMP redirect messages to the victim node, and the traffic is captured in pcap files.
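A defender's view of the redirect that shows up in the capture, as an added example that is not code from the original page: it parses an ICMP redirect from raw IPv4 bytes and applies the two host-side checks from RFC 1122 section 3.2.2.2. The helper names and the sample packet are constructed for illustration, and 10.1.1.2 is assumed to be the victim's current first hop.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// sender: IP source of the redirect; newGateway: address in the ICMP body;
// origDst: destination of the embedded original datagram.
struct Redirect { uint32_t sender, newGateway, origDst; };

constexpr uint32_t Ip(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return (uint32_t(a) << 24) | (uint32_t(b) << 16) | (uint32_t(c) << 8) | d;
}
static uint32_t Be32(const uint8_t* p) { return Ip(p[0], p[1], p[2], p[3]); }
static void Put32(std::vector<uint8_t>& v, unsigned off, uint32_t x) {
    for (unsigned i = 0; i < 4; ++i) v[off + i] = uint8_t(x >> (24 - 8 * i));
}

// Parse a raw IPv4 packet (link-layer header already stripped). Returns false
// unless it is a structurally valid ICMP redirect (type 5, code 0-3).
bool ParseRedirect(const std::vector<uint8_t>& pkt, Redirect* out) {
    if (pkt.size() < 20 || (pkt[0] >> 4) != 4) return false;
    unsigned ihl = (pkt[0] & 0x0f) * 4u;
    if (ihl < 20 || pkt[9] != 1) return false;         // not ICMP
    if (pkt.size() < ihl + 8 + 20) return false;       // ICMP header + embedded IP header
    const uint8_t* icmp = pkt.data() + ihl;
    if (icmp[0] != 5 || icmp[1] > 3) return false;
    *out = Redirect{Be32(&pkt[12]), Be32(icmp + 4), Be32(icmp + 8 + 16)};
    return true;
}

// RFC 1122 3.2.2.2: discard unless the sender is the current first-hop gateway
// for that destination and the new gateway is on the receiving subnet.
bool AcceptRedirect(const Redirect& r, uint32_t curGw, uint32_t ifAddr, uint32_t mask) {
    return r.sender == curGw && (r.newGateway & mask) == (ifAddr & mask);
}

// Constructed sample packet (checksums left zero; they are not validated here).
std::vector<uint8_t> SampleRedirect(uint32_t sender, uint32_t victim, uint32_t gw, uint32_t dst) {
    std::vector<uint8_t> p(20 + 8 + 20 + 8, 0);
    p[0] = 0x45; p[9] = 1;                             // outer IPv4 header, protocol ICMP
    Put32(p, 12, sender); Put32(p, 16, victim);
    p[20] = 5; p[21] = 1; Put32(p, 24, gw);            // redirect for host + gateway field
    p[28] = 0x45; p[37] = 17;                          // embedded IPv4 header of a UDP datagram
    Put32(p, 40, victim); Put32(p, 44, dst);
    return p;
}

int main() {
    const uint32_t victim = Ip(10, 1, 1, 1), hop = Ip(10, 1, 1, 2), rogue = Ip(10, 1, 1, 4);
    Redirect r{};
    bool ok = ParseRedirect(SampleRedirect(rogue, victim, rogue, hop), &r)
              && AcceptRedirect(r, hop, victim, Ip(255, 255, 255, 0));
    std::printf("redirect from 10.1.1.4: %s\n", ok ? "accept" : "discard");
}
```

The sender check compares an address that can be forged, so hosts that do not need redirects commonly disable them outright, for example with the Linux `net.ipv4.conf.all.accept_redirects` sysctl.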
Overall, we have successfully implemented an ICMP redirect attack in ns3 by having an attacker send ICMP redirect messages to the victim.