How to Implement network attacks in ns3
To implement network attacks in ns3, we have to set up a network topology, create legitimate traffic, and then introduce attack logic from an attacker node. Here, is the complete guide on implementing a few common types of network attacks which includes SYN Flood, ICMP Flood, and ARP Spoofing.
- SYN Flood Attack
In SYN flood attack, we have to send a large number of TCP SYN packets to a target server, exhausting its resources.
Example :
#include “ns3/core-module.h”
#include “ns3/network-module.h”
#include “ns3/internet-module.h”
#include “ns3/point-to-point-module.h”
#include “ns3/applications-module.h”
#include “ns3/tcp-header.h”
using namespace ns3;
NS_LOG_COMPONENT_DEFINE (“SynFloodAttack”);
void SendSynFlood (Ptr<Node> attackerNode, Ipv4Address victimAddress, uint16_t port, uint32_t packetSize, uint32_t numPackets, Time interval)
{
Ptr<Socket> socket = Socket::CreateSocket (attackerNode, TypeId::LookupByName (“ns3::Ipv4RawSocketFactory”));
socket->SetAttribute (“Protocol”, UintegerValue (6)); // TCP protocol number
Ipv4Header ipv4Header;
ipv4Header.SetDestination (victimAddress);
ipv4Header.SetSource (attackerNode->GetObject<Ipv4> ()->GetAddress (1, 0).GetLocal ());
ipv4Header.SetProtocol (6); // TCP protocol number
TcpHeader tcpHeader;
tcpHeader.SetFlags (TcpHeader::SYN);
tcpHeader.SetSourcePort (port);
tcpHeader.SetDestinationPort (port);
tcpHeader.SetSequenceNumber (SequenceNumber32 (0));
for (uint32_t i = 0; i < numPackets; ++i)
{
Ptr<Packet> packet = Create<Packet> (packetSize);
packet->AddHeader (tcpHeader);
packet->AddHeader (ipv4Header);
socket->Send (packet);
Simulator::Schedule (interval, &SendSynFlood, attackerNode, victimAddress, port, packetSize, numPackets, interval);
}
}
int main (int argc, char *argv[])
{
uint32_t nAttackers = 3;
uint16_t port = 8080;
uint32_t packetSize = 100;
uint32_t numPackets = 1000;
Time interval = Seconds (0.01);
CommandLine cmd;
cmd.AddValue (“nAttackers”, “Number of attacker nodes”, nAttackers);
cmd.AddValue (“port”, “Target port for the attack”, port);
cmd.AddValue (“packetSize”, “Size of SYN packets”, packetSize);
cmd.AddValue (“numPackets”, “Number of SYN packets”, numPackets);
cmd.AddValue (“interval”, “Interval between SYN packets”, interval);
cmd.Parse (argc, argv);
NodeContainer nodes;
nodes.Create (nAttackers + 1);
NodeContainer attackers;
for (uint32_t i = 0; i < nAttackers; ++i)
{
attackers.Add (nodes.Get (i));
}
Ptr<Node> victim = nodes.Get (nAttackers);
PointToPointHelper pointToPoint;
pointToPoint.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));
pointToPoint.SetChannelAttribute (“Delay”, StringValue (“2ms”));
NetDeviceContainer devices;
for (uint32_t i = 0; i < nodes.GetN () – 1; ++i)
{
devices.Add (pointToPoint.Install (nodes.Get (i), nodes.Get (i + 1)));
}
InternetStackHelper stack;
stack.Install (nodes);
Ipv4AddressHelper address;
address.SetBase (“10.1.1.0”, “255.255.255.0”);
Ipv4InterfaceContainer interfaces = address.Assign (devices);
// Install applications on victim node
UdpEchoServerHelper echoServer (port);
ApplicationContainer serverApps = echoServer.Install (victim);
serverApps.Start (Seconds (1.0));
serverApps.Stop (Seconds (10.0));
// Schedule SYN flood attack from each attacker node
for (uint32_t i = 0; i < attackers.GetN (); ++i)
{
Simulator::Schedule (Seconds (2.0), &SendSynFlood, attackers.Get (i), interfaces.GetAddress (nodes.GetN () – 1), port, packetSize, numPackets, interval);
}
// Enable packet capture
pointToPoint.EnablePcapAll (“syn_flood_attack”);
Simulator::Run ();
Simulator::Destroy ();
return 0;
}
- ICMP Flood Attack
In ICMP Flood we have to send a large number of ICMP Echo Request packets (pings) to a target to overwhelm it.
Example:
#include “ns3/core-module.h”
#include “ns3/network-module.h”
#include “ns3/internet-module.h”
#include “ns3/point-to-point-module.h”
#include “ns3/applications-module.h”
#include “ns3/icmpv4-header.h”
using namespace ns3;
NS_LOG_COMPONENT_DEFINE (“IcmpFloodAttack”);
void SendIcmpFlood (Ptr<Node> attackerNode, Ipv4Address victimAddress, uint32_t packetSize, uint32_t numPackets, Time interval)
{
Ptr<Socket> socket = Socket::CreateSocket (attackerNode, TypeId::LookupByName (“ns3::Ipv4RawSocketFactory”));
socket->SetAttribute (“Protocol”, UintegerValue (1)); // ICMP protocol number
Ipv4Header ipv4Header;
ipv4Header.SetDestination (victimAddress);
ipv4Header.SetSource (attackerNode->GetObject<Ipv4> ()->GetAddress (1, 0).GetLocal ());
ipv4Header.SetProtocol (1); // ICMP protocol number
Icmpv4Echo echo;
echo.SetSequenceNumber (1);
echo.SetIdentifier (1);
for (uint32_t i = 0; i < numPackets; ++i)
{
Ptr<Packet> packet = Create<Packet> (packetSize);
packet->AddHeader (echo);
packet->AddHeader (ipv4Header);
socket->Send (packet);
Simulator::Schedule (interval, &SendIcmpFlood, attackerNode, victimAddress, packetSize, numPackets, interval);
}
}
int main (int argc, char *argv[])
{
uint32_t nAttackers = 3;
uint32_t packetSize = 100;
uint32_t numPackets = 1000;
Time interval = Seconds (0.01);
CommandLine cmd;
cmd.AddValue (“nAttackers”, “Number of attacker nodes”, nAttackers);
cmd.AddValue (“packetSize”, “Size of ICMP packets”, packetSize);
cmd.AddValue (“numPackets”, “Number of ICMP packets”, numPackets);
cmd.AddValue (“interval”, “Interval between ICMP packets”, interval);
cmd.Parse (argc, argv);
NodeContainer nodes;
nodes.Create (nAttackers + 1);
NodeContainer attackers;
for (uint32_t i = 0; i < nAttackers; ++i)
{
attackers.Add (nodes.Get (i));
}
Ptr<Node> victim = nodes.Get (nAttackers);
PointToPointHelper pointToPoint;
pointToPoint.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));
pointToPoint.SetChannelAttribute (“Delay”, StringValue (“2ms”));
NetDeviceContainer devices;
for (uint32_t i = 0; i < nodes.GetN () – 1; ++i)
{
devices.Add (pointToPoint.Install (nodes.Get (i), nodes.Get (i + 1)));
}
InternetStackHelper stack;
stack.Install (nodes);
Ipv4AddressHelper address;
address.SetBase (“10.1.1.0”, “255.255.255.0”);
Ipv4InterfaceContainer interfaces = address.Assign (devices);
// Schedule ICMP flood
- ARP Spoofing Attack
In ARP Spoofing attack we have to send fake ARP messages to associate the attacker’s MAC address with the IP address of another host.
Example:
#include “ns3/core-module.h”
#include “ns3/network-module.h”
#include “ns3/internet-module.h”
#include “ns3/point-to-point-module.h”
#include “ns3/applications-module.h”
#include “ns3/arp-cache.h”
#include “ns3/arp-header.h”
#include “ns3/ethernet-header.h”
#include “ns3/ipv4-address.h”
using namespace ns3;
NS_LOG_COMPONENT_DEFINE (“ArpSpoofingAttack”);
void SendArpSpoof (Ptr<Node> attackerNode, Mac48Address targetMac, Ipv4Address targetIp, Ipv4Address spoofedIp)
{
Ptr<Socket> socket = Socket::CreateSocket (attackerNode, TypeId::LookupByName (“ns3::ArpL3Protocol”));
socket->Bind ();
ArpHeader arpHeader;
arpHeader.SetOpcode (ArpHeader::ARP_REPLY);
arpHeader.SetSenderMacAddress (Mac48Address::ConvertFrom (attackerNode->GetDevice (0)->GetAddress ()));
arpHeader.SetSenderIpAddress (spoofedIp);
arpHeader.SetTargetMacAddress (targetMac);
arpHeader.SetTargetIpAddress (targetIp);
EthernetHeader ethernetHeader;
ethernetHeader.SetSource (Mac48Address::ConvertFrom (attackerNode->GetDevice (0)->GetAddress ()));
ethernetHeader.SetDestination (targetMac);
ethernetHeader.SetType (EthernetHeader::ARP);
Ptr<Packet> packet = Create<Packet> ();
packet->AddHeader (arpHeader);
packet->AddHeader (ethernetHeader);
socket->SendTo (packet, 0, InetSocketAddress (targetIp));
}
int main (int argc, char *argv[])
{
uint32_t nAttackers = 1;
uint32_t nVictims = 2;
CommandLine cmd;
cmd.AddValue (“nAttackers”, “Number of attacker nodes”, nAttackers);
cmd.AddValue (“nVictims”, “Number of victim nodes”, nVictims);
cmd.Parse (argc, argv);
NodeContainer nodes;
nodes.Create (nAttackers + nVictims);
NodeContainer attackers;
for (uint32_t i = 0; i < nAttackers; ++i)
{
attackers.Add (nodes.Get (i));
}
NodeContainer victims;
for (uint32_t i = nAttackers; i < nAttackers + nVictims; ++i)
{
victims.Add (nodes.Get (i));
}
PointToPointHelper pointToPoint;
pointToPoint.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));
pointToPoint.SetChannelAttribute (“Delay”, StringValue (“2ms”));
NetDeviceContainer devices;
for (uint32_t i = 0; i < nodes.GetN () – 1; ++i)
{
devices.Add (pointToPoint.Install (nodes.Get (i), nodes.Get (i + 1)));
}
InternetStackHelper stack;
stack.Install (nodes);
Ipv4AddressHelper address;
address.SetBase (“10.1.1.0”, “255.255.255.0”);
Ipv4InterfaceContainer interfaces = address.Assign (devices);
// Schedule ARP spoofing attack from attacker node
Simulator::Schedule (Seconds (2.0), &SendArpSpoof, attackers.Get (0),
Mac48Address::ConvertFrom (victims.Get (0)->GetDevice (0)->GetAddress ()),
interfaces.GetAddress (nAttackers),
interfaces.GetAddress (nAttackers + 1));
// Enable packet capture
pointToPoint.EnablePcapAll (“arp_spoofing_attack”);
Simulator::Run ();
Simulator::Destroy ();
return 0;
}
Explanation
- Nodes and links :
Nodes are created for attackers and victims. Point-to-point links between nodes are configured.
- Applications :
On victim node, applications are installed to simulate normal network activity.
- Attack logic :
To create and send attack packets (SYN, ICMP, ARP) from the attacker node to the victim node, functions are implemented. To start at a specific time in the simulation, we scheduled the attack.
- Packet Capture :
To capture the traffic for analysis with Wireshark, pcap tracing on all nodes is enabled.
- Running the Simulation :
The simulation runs with attacker node sending packets to the victim node, and the traffic is captured in pcap files.
We had successfully learned on implementing network attack in ns3 by simulating a network topology, creating legitimate traffic, and then introducing attack logic from an attacker node using network attacks such as SYN Flood, ICMP Flood, and ARP Spoofing.
Network Attacks in ns3 simulation are spared by us, we provide best programming results for network attacks for SYN Flood, ICMP Flood, and ARP Spoofing with best results.