How to Start Fragmentation Attack Projects Using NS2

To create a fragmentation attack in networking has includes the exploiting on how the packets are fragmented and reassembled. In this attack for malicious nodes forward the fragmented packets for complicate or overcome the goal, it frequently leading the resource exhaustion or bypassing the security measures. The NS2 (Network Simulator 2) can be used for replicate the attacks through altering the packet behavior and network topology

Here’s how you can simulate a fragmentation attack in NS2:

Steps to Simulate Fragmentation Attack in NS2

  1. Understand Fragmentation Attacks
  • Purpose: Overload the victim through sending many fragmented packets or improperly reassembled packets.
  • Types:
    1. Overlapping Fragment Attack: Malicious fragments overlap and confuse the reassembly.
    2. Resource Exhaustion: Flood for victim by fragmented packets.
  • Goal: It replicates and examines the effect of fragmented packets for legitimate congestion and network performance.
  1. Set Up NS2 Environment
  • Install NS2 and verify:

sudo apt-get install ns2

  • Test with a basic script:

ns example.tcl

  1. Define Network Topology

Generate a TCL script for replicate the network topology they are:

  • Legitimate traffic such as normal communication.
  • Malicious nodes are creating the fragmented packets.
  • Victim node for receiving and processing the fragments.
  1. Implement Fragmentation Attack
  2. Fragmented Packet Transmission
  1. Describe the fragmented packets in NS2.
  2. Use CBR (Constant Bit Rate) or UDP agents for create the congestion.
  3. Change the NS2 parameters for replicate the fragmentation through splitting packets.

TCL Script for Fragmentation Attack:

# Initialize NS2 Simulator

set ns [new Simulator]

set tracefile [open frag_attack.tr w]

$ns trace-all $tracefile

# Define nodes

set attacker [$ns node]

set victim [$ns node]

set legitimate [$ns node]

# Create links

$ns duplex-link $attacker $victim 1Mb 10ms DropTail

$ns duplex-link $legitimate $victim 1Mb 10ms DropTail

# Attach UDP agents for attack traffic

set udp_attack [new Agent/UDP]

$ns attach-agent $attacker $udp_attack

set null [new Agent/Null]

$ns attach-agent $victim $null

$ns connect $udp_attack $null

# Attach TCP agents for legitimate traffic

set tcp_legit [new Agent/TCP]

$ns attach-agent $legitimate $tcp_legit

set sink_legit [new Agent/TCPSink]

$ns attach-agent $victim $sink_legit

$ns connect $tcp_legit $sink_legit

# Simulate legitimate traffic

set ftp [new Application/FTP]

$ftp attach-agent $tcp_legit

$ns at 1.0 “$ftp start”

# Simulate fragmentation attack

set cbr [new Application/Traffic/CBR]

$cbr set packetSize_ 200  # Small fragmented packet size

$cbr set interval_ 0.001  # High-frequency fragmented packets

$cbr attach-agent $udp_attack

$ns at 2.0 “$cbr start”

$ns at 5.0 “$cbr stop”

# End the simulation

$ns at 6.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

$ns run

  1. Analyze Results
  • Trace File:
    • Examine the frag_attack.tr for follow on the fragmented packets.
    • Filter fragmented packets using:

grep “UDP” frag_attack.tr > fragmented_packets.log

  • Metrics:
    • Throughput: Check the degradation for the victim.
    • Latency: Improved the delay for the packet reassembly.
    • Packet Drops: Track the packet stop rates during the attack.
  1. Visualize Results
  • Use tool like a Gnuplot or same tools for envision:
    • Visualize the Packet throughput before, during, and after the attack.
    • Latency or packet loss trends over time.
  1. Optional: Modify Core NS2 Code

Intended for advanced attack replication:

  1. Custom Fragmentation Logic:
    • Change the recv() for UDP agent or routing logic and build the overlapping or corrupted fragments.
  2. Example in C++:

void FragmentationNode::recv(Packet *p) {

// Split packet into fragments

Packet *frag1 = copyFragment(p, 0, 200); // Fragment 1

Packet *frag2 = copyFragment(p, 200, 400); // Fragment 2

// Overlap fragments

send(frag1);

send(frag2);

}

  1. Enhancements
  • Replicate defense mechanisms:
    1. Fragment filtering: Identify the overlapping or suspicious fragments.

if {[packet size] < threshold || overlapping detected} {

drop_packet

}

    1. Rate limiting: Limit the fragmented for packet frequency.
  1. Comparison with Real-World Tools
  • Use tools like Scapy or Hping3 for real-world fragmentation attacks for associate the outcomes by NS2 replication.

Tools and Resources

  • Wireshark: Examine the congestion design for fragmented packets.
  • Gnuplot: Envision for attack effect of throughput and latency.
  • NS2 Documentation: Reference for modifying scripts and packet behaviors.

Through the resulting code snippets and simulation events will very helpful to complete the simulation technique for Fragmented attack that were simulated and visualized the results using ns2 tool. Further assistance about the project will be provided in another manual.