To implement teardrop attack in ns3, we need to set up a network topology with multiple receiving nodes and one attacker node to analyse the overlap in the fragments. This teardrop attack is a type of Denial of Service (DoS) attack, because while sending the fragmented IP packets from the attacker node with overlapping payloads to the target machine it resembles them it may crash or become unstable.
The following steps will guide on how to implement teardrop attack in ns3:
Steps to Implement a Teardrop Attack in ns3
- Set Up ns-3 Environment:
- Make sure ns3 is installed on the system.
- Create a New ns-3 Script:
- Create a new script file in the scratch directory of ns3, e.g., teardrop_attack.cc.
- Include Necessary Headers:
- Include the necessary ns3 headers in the script.
- Define Network Topology:
- Set up a network topology with multiple legitimate nodes and an attacker node.
- Implement Teardrop Attack Logic:
- Use the attacker node to send fragmented IP packets with overlapping offsets to the victim node.
- Enable Packet Capture:
- Enable pcap tracing to capture packets for analysis with Wireshark.
- Run the Simulation:
- Set the simulation time and run the simulation using Simulator::Run() and Simulator::Destroy().
Example Code:
#include “ns3/core-module.h”
#include “ns3/network-module.h”
#include “ns3/internet-module.h”
#include “ns3/point-to-point-module.h”
#include “ns3/applications-module.h”
#include “ns3/ipv4-header.h”
using namespace ns3;
NS_LOG_COMPONENT_DEFINE (“TeardropAttack”);
void SendTeardropAttack (Ptr<Node> attackerNode, Ipv4Address victimAddress, uint16_t port, uint32_t packetSize)
{
Ptr<Socket> socket = Socket::CreateSocket (attackerNode, TypeId::LookupByName (“ns3::UdpSocketFactory”));
InetSocketAddress remote = InetSocketAddress (victimAddress, port);
socket->Connect (remote);
uint32_t fragmentSize = 512; // Size of each fragment
uint32_t numFragments = packetSize / fragmentSize;
if (packetSize % fragmentSize != 0)
{
numFragments++;
}
for (uint32_t i = 0; i < numFragments; ++i)
{
uint32_t size = (i == numFragments – 1) ? packetSize % fragmentSize : fragmentSize;
Ptr<Packet> fragment = Create<Packet> (size);
Ipv4Header ipv4Header;
ipv4Header.SetDestination (victimAddress);
ipv4Header.SetSource (attackerNode->GetObject<Ipv4> ()->GetAddress (1, 0).GetLocal ());
ipv4Header.SetProtocol (17); // UDP protocol number
if (i > 0)
{
ipv4Header.SetFragmentOffset (i * (fragmentSize / 8) – 1); // Create overlapping offset
}
else
{
ipv4Header.SetFragmentOffset (i * (fragmentSize / 8));
}
ipv4Header.SetMoreFragments (i < numFragments – 1); // Set MF flag
fragment->AddHeader (ipv4Header);
socket->Send (fragment);
}
}
int main (int argc, char *argv[])
{
bool verbose = true;
uint32_t nNodes = 2; // Number of legitimate nodes
uint16_t port = 8080; // Target port for the attack
uint32_t packetSize = 2048; // Size of the original packet
CommandLine cmd;
cmd.AddValue (“nNodes”, “Number of legitimate nodes”, nNodes);
cmd.AddValue (“port”, “Target port for the attack”, port);
cmd.AddValue (“packetSize”, “Size of the original packet”, packetSize);
cmd.Parse (argc, argv);
if (verbose)
{
LogComponentEnable (“TeardropAttack”, LOG_LEVEL_INFO);
}
NodeContainer nodes;
nodes.Create (nNodes + 1); // +1 for the attacker node
Ptr<Node> attacker = nodes.Get (nNodes);
PointToPointHelper pointToPoint;
pointToPoint.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));
pointToPoint.SetChannelAttribute (“Delay”, StringValue (“2ms”));
NetDeviceContainer devices;
for (uint32_t i = 0; i < nodes.GetN () – 1; ++i)
{
devices.Add (pointToPoint.Install (nodes.Get (i), nodes.Get (i + 1)));
}
InternetStackHelper stack;
stack.Install (nodes);
Ipv4AddressHelper address;
address.SetBase (“10.1.1.0”, “255.255.255.0”);
Ipv4InterfaceContainer interfaces = address.Assign (devices);
// Install applications on legitimate nodes
UdpEchoServerHelper echoServer (port);
ApplicationContainer serverApps = echoServer.Install (nodes.Get (nNodes – 1));
serverApps.Start (Seconds (1.0));
serverApps.Stop (Seconds (10.0));
UdpEchoClientHelper echoClient (interfaces.GetAddress (nNodes – 1), port);
echoClient.SetAttribute (“MaxPackets”, UintegerValue (100));
echoClient.SetAttribute (“Interval”, TimeValue (Seconds (0.1)));
echoClient.SetAttribute (“PacketSize”, UintegerValue (packetSize));
ApplicationContainer clientApps = echoClient.Install (nodes.Get (0));
clientApps.Start (Seconds (2.0));
clientApps.Stop (Seconds (10.0));
// Schedule teardrop attack
Simulator::Schedule (Seconds (3.0), &SendTeardropAttack, attacker interfaces.GetAddress (nNodes – 1), port, packetSize);
// Enable packet capture
pointToPoint.EnablePcapAll (“teardrop_attack”);
Simulator::Run ();
Simulator::Destroy ();
return 0;
}
Explanation:
- Nodes and Links:
- Created nodes for legitimate communication and one attacker node.
- Configured point-to-point links between the nodes.
- Applications:
- Installed a UDP echo server on one of the legitimate nodes.
- Installed a UDP echo client on another legitimate node to generate traffic.
- Teardrop Attack Logic:
- Implemented a SendTeardropAttack function to create and send fragmented packets with overlapping offsets from the attacker node to the victim node.
- Scheduled the teardrop attack to start at a specific time in the simulation.
- Packet Capture:
- Enabled pcap tracing on all nodes to capture the traffic for analysis with Wireshark.
- Running the Simulation:
- The simulation runs with the attacker node sending fragmented packets with overlapping offsets to the victim node, and the traffic is captured in pcap files.
The implementation process of teardrop attack is done successfully for accessing the Denial-of-service attack while the target machine tries to reassemble the fragmented packets it will crash or become unstable due to overlapping. Performance Analysis on Teardrop attack in ns3 will be assisted by our programmers so stay in touch with ns3simulation.com.