How to Start Fragmentation Attack Projects Using NS3

To start fragmentation attack using NS3 that can be replicated the scenarios in which an attacker utilises fragmented packets to avoid firewalls or intrusion detection systems, or consuming resources. Fragmentation attacks can contain fragmentation buffer overflow overlapping fragments, and tiny fragments.

Below is a simple technique to replicate a fragmentation attack using NS3:

Steps to Start Fragmentation Attack Projects in NS3

  1. Set Up NS3
  • We should install and build NS3:

./waf configure

./waf build

  • Verify the installation:

./waf –run hello-simulator

  1. Understand Fragmentation Attacks
  • Fragmentation Overview:
    • A fragmentation attack influences packets are broken and reassembled.
  • Types of Fragmentation Attacks:
    • Overlapping Fragments: Overlapping fragments complicate the reassembly.
    • Tiny Fragments: Small fragments avoid the firewall rules.
    • Fragmentation Buffer Overflow: Consume buffer space by transmitting several fragments.
  1. Define the Network Topology
  • Network Setup:
    • Legitimate Nodes: Typical clients and servers.
    • Attacker Node: Make use of fragmentation vulnerabilities.
  • Example Topology:

NodeContainer clientNode, serverNode, attackerNode;

clientNode.Create(1);    // Client node

serverNode.Create(1);    // Server node

attackerNode.Create(1);  // Malicious attacker

PointToPointHelper p2p;

p2p.SetDeviceAttribute(“DataRate”, StringValue(“10Mbps”));

p2p.SetChannelAttribute(“Delay”, StringValue(“2ms”));

// Connect nodes

NetDeviceContainer devices1 = p2p.Install(NodeContainer(clientNode.Get(0), serverNode.Get(0)));

NetDeviceContainer devices2 = p2p.Install(NodeContainer(attackerNode.Get(0), serverNode.Get(0)));

  1. Assign IP Addresses
  • We need to install the Internet stack and then allocate an IP addresses.

InternetStackHelper stack;

stack.Install(clientNode);

stack.Install(serverNode);

stack.Install(attackerNode);

Ipv4AddressHelper address;

address.SetBase(“10.1.1.0”, “255.255.255.0”);

address.Assign(devices1);

address.SetBase(“10.1.2.0”, “255.255.255.0”);

address.Assign(devices2);

  1. Simulate Legitimate Communication
  • Insert traffic among the client and the server.

uint16_t port = 9;

UdpEchoServerHelper echoServer(port);

ApplicationContainer serverApp = echoServer.Install(serverNode.Get(0));

serverApp.Start(Seconds(1.0));

serverApp.Stop(Seconds(10.0));

UdpEchoClientHelper echoClient(Ipv4Address(“10.1.1.1”), port);

echoClient.SetAttribute(“MaxPackets”, UintegerValue(50));

echoClient.SetAttribute(“Interval”, TimeValue(Seconds(0.1)));

echoClient.SetAttribute(“PacketSize”, UintegerValue(1024));

ApplicationContainer clientApps = echoClient.Install(clientNode.Get(0));

clientApps.Start(Seconds(2.0));

clientApps.Stop(Seconds(10.0));

  1. Simulate the Fragmentation Attack

6.1 Overlapping Fragments

  • The attacker transmits the overlapping fragments to complicate reassembly.

void OverlappingFragmentAttack(Ptr<Node> attacker, Ipv4Address targetAddress, uint16_t port) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::Ipv4RawSocketFactory”));

InetSocketAddress remote = InetSocketAddress(targetAddress, port);

socket->Connect(remote);

for (int i = 0; i < 3; ++i) {  // Example: 3 overlapping fragments

Ptr<Packet> fragment = Create<Packet>(512);  // Fragment size

Ipv4Header ipv4Header;

ipv4Header.SetFragmentOffset(i == 1 ? 256 : i * 512);  // Overlapping offset for second fragment

ipv4Header.SetIdentification(1);

ipv4Header.SetFlags(Ipv4Header::MF);

fragment->AddHeader(ipv4Header);

socket->Send(fragment);

}

}

Simulator::Schedule(Seconds(3.0), &OverlappingFragmentAttack, attackerNode.Get(0), Ipv4Address(“10.1.1.1”), 9);

6.2 Tiny Fragments

  • The attacker transmits small fragments uncommonly.

void TinyFragmentAttack(Ptr<Node> attacker, Ipv4Address targetAddress, uint16_t port) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::Ipv4RawSocketFactory”));

InetSocketAddress remote = InetSocketAddress(targetAddress, port);

socket->Connect(remote);

for (int i = 0; i < 10; ++i) {  // Example: 10 tiny fragments

Ptr<Packet> fragment = Create<Packet>(64);  // Tiny fragment size

Ipv4Header ipv4Header;

ipv4Header.SetFragmentOffset(i * 64);

ipv4Header.SetIdentification(1);

ipv4Header.SetFlags(Ipv4Header::MF);

fragment->AddHeader(ipv4Header);

socket->Send(fragment);

}

}

Simulator::Schedule(Seconds(4.0), &TinyFragmentAttack, attackerNode.Get(0), Ipv4Address(“10.1.1.1”), 9);

6.3 Fragmentation Buffer Overflow

  • The attacker transmits several fragments consuming the reassembly buffer.

void FragmentationBufferOverflow(Ptr<Node> attacker, Ipv4Address targetAddress, uint16_t port) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::Ipv4RawSocketFactory”));

InetSocketAddress remote = InetSocketAddress(targetAddress, port);

socket->Connect(remote);

for (int i = 0; i < 1000; ++i) {  // Flood the buffer with fragments

Ptr<Packet> fragment = Create<Packet>(512);

Ipv4Header ipv4Header;

ipv4Header.SetFragmentOffset(i * 512);

ipv4Header.SetIdentification(1);

ipv4Header.SetFlags(Ipv4Header::MF);

fragment->AddHeader(ipv4Header);

socket->Send(fragment);

}

}

Simulator::Schedule(Seconds(5.0), &FragmentationBufferOverflow, attackerNode.Get(0), Ipv4Address(“10.1.1.1”), 9);

  1. Enable Packet Tracing
  • For analysis, seize packets within Wireshark to utilize PCAP tracing.

PointToPointHelper p2p;

p2p.EnablePcapAll(“fragmentation-attack”);

  1. Run the Simulation
  • Now, we can compile and run the simulation using the below command:

./waf –run fragmentation-attack

  1. Analyze the Attack
  • Go to the .pcap file within Wireshark:

wireshark fragmentation-attack-0-0.pcap

  • Detect fragmented packets to utilize filters:
    • IP Fragments: ip.frag_offset > 0 || ip.flags.mf == 1
    • Overlapping Fragments: It supports to examine the fragment offsets.
  1. Implement Mitigation
  • Defragmentation Inspection:
    • For overlaps or anomalies, to reassemble fragments and examine.
  • Fragmentation Limits:
    • Stop packets including several fragments or small fragments unusually.
  • Firewall Rules:
    • Obstruct the suspicious fragment patterns.
  1. Evaluate Metrics
  • Estimate the effect of the attack:
    • Reassembly Errors: Measure the volume of malformed packets by reason of overlapping fragments.
    • Buffer Exhaustion: Influence over memory usage.
    • Packet Delivery Ratio (PDR): We compute the impact on legitimate traffic.
  1. Extend the Simulation
  • Experiment various attack intensities like fragment sizes, rates.
  • We need to replicate the defenses such as intrusion detection systems (IDS) or improved firewalls.

In this setup, we offered a detailed context for replicating the fragmentation attacks using NS3 simulation tool. Additional guidance will also be presented in another tool if required.

Our team is here to help you brainstorm and come up with the best project ideas and topics. If you’re having trouble figuring out how to kick off Fragmentation Attack Projects using the NS3 tool, you can count on the researchers at phdprojects.org to complete your projects effectively and with top-notch quality. We also focus on issues like fragmentation buffer overflow, overlapping fragments, and tiny fragments