How to Start ICMP Attack Projects Using NS3

To start an ICMP attack in NS3, it like an ICMP flood or a more targeted ICMP-based attack such as ICMP Redirect, Smurf attack, we will require setting up a scenario in which an attacker exploits ICMP interrupting network functionality. Below is a simple approach on how to begin such a project:

Steps to Start ICMP Attack Projects in NS3

  1. Set Up NS3
  • We install NS3 on the system using below command:

./waf configure

./waf build

  • Confirm the installation with:

./waf –run hello-simulator

  1. Understand ICMP Attacks
  • ICMP Flood: The attacker transmits several ICMP Echo Requests like ping packets to a target, to devastate their resources.
  • Smurf Attack: The attacker burlesques the ICMP Echo Requests’ source address to trigger the target obtaining multiple replies.
  • ICMP Redirect: It transmits spoofed ICMP Redirect packets to modify the routing.
  • Ping of Death: It broadcasts the oversized ICMP packets to fail the target.
  1. Define the Network Topology
  • We need to make a topology including attacker, victim, and probably amplifier nodes for Smurf attacks.
  • Example: Simple Network Topology

NodeContainer attacker, victim, amplifier;

attacker.Create(1);

victim.Create(1);

amplifier.Create(3);  // Amplifiers for Smurf attack

PointToPointHelper p2p;

p2p.SetDeviceAttribute(“DataRate”, StringValue(“10Mbps”));

p2p.SetChannelAttribute(“Delay”, StringValue(“2ms”));

NetDeviceContainer attackerToAmplifier, amplifierToVictim;

attackerToAmplifier = p2p.Install(NodeContainer(attacker.Get(0), amplifier.Get(0)));

amplifierToVictim = p2p.Install(NodeContainer(amplifier.Get(0), victim.Get(0)));

  1. Assign IP Addresses
  • We install the Internet stack and then allocate IPs to the nodes.

InternetStackHelper stack;

stack.Install(attacker);

stack.Install(victim);

stack.Install(amplifier);

Ipv4AddressHelper address;

address.SetBase(“10.1.1.0”, “255.255.255.0”);

Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerToAmplifier);

address.SetBase(“10.1.2.0”, “255.255.255.0”);

Ipv4InterfaceContainer victimInterfaces = address.Assign(amplifierToVictim);

  1. Simulate Normal Traffic (Optional)
  • We need to insert legitimate traffic replicating a typical network environment.

UdpEchoServerHelper echoServer(9);

ApplicationContainer serverApps = echoServer.Install(victim.Get(0));

serverApps.Start(Seconds(1.0));

serverApps.Stop(Seconds(10.0));

UdpEchoClientHelper echoClient(victimInterfaces.GetAddress(0), 9);

echoClient.SetAttribute(“MaxPackets”, UintegerValue(10));

echoClient.SetAttribute(“Interval”, TimeValue(Seconds(1.0)));

echoClient.SetAttribute(“PacketSize”, UintegerValue(1024));

ApplicationContainer clientApps = echoClient.Install(attacker.Get(0));

clientApps.Start(Seconds(2.0));

clientApps.Stop(Seconds(10.0));

  1. Implement the ICMP Attack

ICMP Flood Attack

  • The attacker transmits continuous ICMP Echo Requests to the victim.

void IcmpFlood(Ptr<Node> attacker, Ipv4Address victimAddr) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::Ipv4RawSocketFactory”));

socket->Connect(InetSocketAddress(victimAddr, 0));

for (int i = 0; i < 1000; ++i) {  // Simulate sending 1000 ICMP Echo Requests

Simulator::Schedule(Seconds(i * 0.001), [=]() {

IcmpHeader icmpHeader;

icmpHeader.SetType(IcmpHeader::ECHO);

Ptr<Packet> packet = Create<Packet>(1024);  // Payload

packet->AddHeader(icmpHeader);

socket->Send(packet);

});

}

}

Simulator::Schedule(Seconds(3.0), &IcmpFlood, attacker.Get(0), victimInterfaces.GetAddress(0));

Smurf Attack

  • The attacker transmits spoofed ICMP Echo Requests to the amplifier nodes to trigger them overflowing the victim.

void SmurfAttack(Ptr<Node> attacker, const std::vector<Ipv4Address>& amplifierAddresses, Ipv4Address victimAddr) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::Ipv4RawSocketFactory”));

for (const auto& ampAddr : amplifierAddresses) {

Simulator::Schedule(Seconds(3.0), [=]() {

IcmpHeader icmpHeader;

icmpHeader.SetType(IcmpHeader::ECHO);

Ptr<Packet> packet = Create<Packet>(1024);  // Payload

packet->AddHeader(icmpHeader);

InetSocketAddress spoofedAddress = InetSocketAddress(ampAddr, 0);

socket->Connect(spoofedAddress);

socket->Send(packet);

});

}

}

// Amplifier IPs

std::vector<Ipv4Address> amplifierAddresses = {

amplifier.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0),

amplifier.Get(1)->GetObject<Ipv4>()->GetAddress(1, 0),

amplifier.Get(2)->GetObject<Ipv4>()->GetAddress(1, 0),

};

SmurfAttack(attacker.Get(0), amplifierAddresses, victimInterfaces.GetAddress(0));

  1. Enable Packet Tracing
  • Seize the attack traffic using PCAP tracing.

PointToPointHelper p2p;

p2p.EnablePcapAll(“icmp-attack”);

  1. Run the Simulation
  • We need to compile and run the simulation:

./waf –run icmp-attack

  • The .pcap files will be made that we can examine within Wireshark.
  1. Analyze with Wireshark
  • Go to the .pcap file within Wireshark:

wireshark icmp-attack-0-0.pcap

  • Analyse the attack traffic to utilise ICMP filters:
    • ICMP Echo Requests: icmp.type == 8
    • ICMP Echo Replies: icmp.type == 0
    • Spoofed Packets: Filter by the source IP.
  1. Implement Countermeasures (Optional)
  • Replicate the defenses opposing ICMP attacks:
    • Rate Limiting: Stop the excessive ICMP packets.
    • Packet Filtering: It obstructs spoofed packets.
  • Example: Straining ICMP Packets

void FilterIcmpPackets(Ptr<const Packet> packet, const Address& srcAddr) {

Ipv4Header ipv4Header;

packet->PeekHeader(ipv4Header);

if (ipv4Header.GetProtocol() == Ipv4Header::PROTO_ICMP) {

NS_LOG_UNCOND(“Dropping ICMP packet from ” << ipv4Header.GetSource());

}

}

  1. Evaluate Metrics
  • We estimate the attack’s effect:
    • Packet Delivery Ratio (PDR): We measure the percentage of legitimate packets well distributed.
    • Throughput: During the attack, compute the bandwidth utilization.
    • Latency: Calculate the delay triggered by the attack.

By using these detailed procedures, we can be replicated an ICMP attack using NS3, examined the network traffic within Wireshark, and then optionally executed the detection mechanisms. If you need further assistance, we will guide you.

We are working on ICMP Attack Projects using the ns3 tool. If you need new and exciting project results, our team is here to help you out!