How to Start Packet Flooding Attack Projects using NS3

To create a packet flooding attack in NS-3 could be replicate a scenario in which an attacker transmits an excessive number of packets to a target node and typically we overwhelm its resources and disrupt legitimate communication. These attacks can be target multiple layers, such as TCP/UDP flooding, ICMP flooding, or application-layer flooding.

Here’s a step-by-step guide to simulate a packet flooding attack using NS-3:

Steps to Start Packet Flooding Attack Projects using NS3

  1. Set Up NS-3
  • Install and build NS-3:

./waf configure

./waf build

  • Test the installation:

./waf –run hello-simulator

  1. Understand Packet Flooding Attacks
  • Mechanism:
    • An attacker transmits a large volume of packets to a victim and consuming the bandwidth, CPU, or memory resources.
  • Attack Types:
    • UDP Flooding: Transmitting the UDP packets to random ports.
    • TCP SYN Flooding: Transfer a large number of TCP SYN packets to overwhelm the TCP handshake.
    • ICMP Flooding: Overloading by ICMP Echo (Ping) requests.
  1. Define the Network Topology
  • Generate a network with:
    • Legitimate Nodes: communicating normally for clients and a server.
    • Attacker Node: Transfer the flooding packets to the target.
  • Sample Topology:

NodeContainer clients, server, attacker;

clients.Create(2);  // Two legitimate clients

server.Create(1);   // One server

attacker.Create(1); // One attacker

PointToPointHelper p2p;

p2p.SetDeviceAttribute(“DataRate”, StringValue(“10Mbps”));

p2p.SetChannelAttribute(“Delay”, StringValue(“2ms”));

// Connect nodes

NetDeviceContainer clientToServer = p2p.Install(NodeContainer(clients, server.Get(0)));

NetDeviceContainer attackerToServer = p2p.Install(NodeContainer(attacker, server.Get(0)));

  1. Assign IP Addresses
  • Install the Internet stack and assign IPs to the nodes.

InternetStackHelper stack;

stack.Install(clients);

stack.Install(server);

stack.Install(attacker);

Ipv4AddressHelper address;

address.SetBase(“10.1.1.0”, “255.255.255.0”);

address.Assign(clientToServer);

address.SetBase(“10.1.2.0”, “255.255.255.0”);

address.Assign(attackerToServer);

  1. Simulate Legitimate Traffic
  • Enhance the general transmission among clients and the server.
  • Sample: UDP Traffic

uint16_t port = 9;

UdpEchoServerHelper echoServer(port);

ApplicationContainer serverApp = echoServer.Install(server.Get(0));

serverApp.Start(Seconds(1.0));

serverApp.Stop(Seconds(10.0));

UdpEchoClientHelper echoClient(Ipv4Address(“10.1.1.1”), port);

echoClient.SetAttribute(“MaxPackets”, UintegerValue(50));

echoClient.SetAttribute(“Interval”, TimeValue(Seconds(0.1)));

echoClient.SetAttribute(“PacketSize”, UintegerValue(512));

ApplicationContainer clientApps = echoClient.Install(clients);

clientApps.Start(Seconds(2.0));

clientApps.Stop(Seconds(10.0));

  1. Simulate the Packet Flooding Attack
  • Flooding Mechanism:
    • The attacker transfer a high volume of packets to the server.

6.1 UDP Flooding

void UdpFlood(Ptr<Node> attacker, Ipv4Address targetAddress, uint16_t port) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::UdpSocketFactory”));

InetSocketAddress remote = InetSocketAddress(targetAddress, port);

socket->Connect(remote);

for (int i = 0; i < 1000; ++i) {  // Flood with 1000 packets

Simulator::Schedule(MicroSeconds(i * 100), [=]() {

Ptr<Packet> packet = Create<Packet>(1024);  // UDP packet payload

socket->Send(packet);

});

}

}

Simulator::Schedule(Seconds(3.0), &UdpFlood, attacker.Get(0), Ipv4Address(“10.1.1.1”), 9);

6.2 ICMP Flooding

void IcmpFlood(Ptr<Node> attacker, Ipv4Address targetAddress) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::Ipv4RawSocketFactory”));

InetSocketAddress remote = InetSocketAddress(targetAddress, 0);

socket->Connect(remote);

for (int i = 0; i < 1000; ++i) {  // Flood with 1000 ICMP Echo Requests

Simulator::Schedule(MicroSeconds(i * 100), [=]() {

IcmpHeader icmpHeader;

icmpHeader.SetType(IcmpHeader::ECHO);

Ptr<Packet> packet = Create<Packet>(1024);  // ICMP packet payload

packet->AddHeader(icmpHeader);

socket->Send(packet);

});

}

}

Simulator::Schedule(Seconds(3.0), &IcmpFlood, attacker.Get(0), Ipv4Address(“10.1.1.1”));

6.3 TCP SYN Flooding

void TcpSynFlood(Ptr<Node> attacker, Ipv4Address targetAddress, uint16_t port) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::TcpSocketFactory”));

InetSocketAddress remote = InetSocketAddress(targetAddress, port);

socket->Connect(remote);

for (int i = 0; i < 1000; ++i) {  // Flood with 1000 SYN packets

Simulator::Schedule(MicroSeconds(i * 100), [=]() {

TcpHeader tcpHeader;

tcpHeader.SetFlags(TcpHeader::SYN);

Ptr<Packet> synPacket = Create<Packet>(1024);  // SYN packet payload

synPacket->AddHeader(tcpHeader);

socket->Send(synPacket);

});

}

}

Simulator::Schedule(Seconds(3.0), &TcpSynFlood, attacker.Get(0), Ipv4Address(“10.1.1.1”), 9);

  1. Enable Packet Tracing
  • Utilized a PCAP to seizure packets for analysis in Wireshark.

PointToPointHelper p2p;

p2p.EnablePcapAll(“packet-flooding”);

  1. Run the Simulation
  • We compile and execute the simulation:

./waf –run packet-flooding

  • Analyse the generated .pcap files.
  1. Analyse the Attack
  • Open the .pcap file in Wireshark:

wireshark packet-flooding-0-0.pcap

  • Utilized these filters we inspect precise attack traffic:
    • UDP Flood: udp && ip.dst == <server IP>
    • ICMP Flood: icmp.type == 8
    • TCP SYN Flood: tcp.flags.syn == 1 && tcp.flags.ack == 0
  1. Implement Detection and Mitigation
  • Detection:
    • Track for high traffic rates or abnormal packet patterns.
    • Instance:

void MonitorTraffic(Ptr<const Packet> packet) {

static std::map<Ipv4Address, int> packetCounts;

Ipv4Header ipv4Header;

packet->PeekHeader(ipv4Header);

packetCounts[ipv4Header.GetSource()]++;

if (packetCounts[ipv4Header.GetSource()] > 100) {

NS_LOG_UNCOND(“Potential Flood Attack from: ” << ipv4Header.GetSource());

}

}

  • Mitigation:
    • Rate limiting: Limited the number of packets processed per second for rate limiting.
    • Blacklisting: The Block traffic from the attacker node.

From the establishment we completely aggregate the information about the installation process and simulation procedure for Packet flooding attack that were deploy in the tool of NS3. More information regarding the packet flooding attack will also be provided.

We specialize in TCP/UDP flooding, ICMP flooding, and application-layer flooding. It is crucial to submit all pertinent project details to phdprojects.org. Ensure your work is completed on time and meets high-quality standards with the help of our researchers. We guarantee top-notch Packet Flooding Attack Projects utilizing NS3 and simulation services.