How to Creation of Flooding Attack in NS2 AODV ?
Short Note on Flooding Attack :
Malicious Node will create a more no of RREQ to a node, which is even doesn't exist in the network topology. This is how malicious node, start to flood the request in the network. The purpose of this attack is to consume the network bandwidth and to exhaust the network resources all the time.
Steps :
> In aodv.h,
i) #define FLOOD_INTERVAL 0.09
ii) Add this, after BroadcastTimer class
class FloodTimer : public Handler
{
public:
FloodTimer(AODV* a): agent(a){}
void handle(Event*);
private:
AODV *agent;
Event intr;
};
iii) class AODV: public Agent
{
...........
...........
friend class FloodTimer;
...........
Protected:
............
/*
* Packet TX Routines
*/
void FloodRREQ(nsaddr_t dst);
............
nsaddr_t index; // IP Address of this node
u_int32_t seqno; // Sequence Number
int bid; // Broadcast ID
bool flooder;
/*
* Timers
*/
FloodTimer ftimer;
............
};
> In aodv.cc,
i) int AODV::command(int argc, const char*const* argv)
{
if(argc == 2)
{
Tcl& tcl = Tcl::instance();
if(strncasecmp(argv[1], "id", 2) == 0)
{
tcl.resultf("%d", index);
return TCL_OK;
}
if(strcmp(argv[1], "flooder") == 0)
{
flooder = true;
return TCL_OK;
}
if(strncasecmp(argv[1], "start", 2) == 0)
{
........
ftimer.handle((Event*) 0);
........
}
........
}
..........
}
ii) Add ftimer(this) and flooder = false,
AODV::AODV(nsaddr_t id) : Agent(PT_AODV),
btimer(this), htimer(this), ntimer(this),
rtimer(this), lrtimer(this), ftimer(this), rqueue()
{
........
flooder=false;
........
}
iii) In Timers, add FloodTimer()
void FloodTimer::handle(Event*)
{
if (agent->flooder==true)
{
agent->FloodRREQ(99);
// index will be a attacker, flood attacker !
}
Scheduler::instance().schedule(this, &intr, FLOOD_INTERVAL);
}
iv) After void AODV::SendRequest(nsaddr_t dst) function add this,
void AODV::FloodRREQ(nsaddr_t dst)
{
Packet *p = Packet::alloc();
struct hdr_cmn *ch = HDR_CMN(p);
struct hdr_ip *ih = HDR_IP(p);
struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p);
aodv_rt_entry *rt = rtable.rt_lookup(dst);
printf("\n***** 'in FloodRREQ' at node::%d*****\n",index);
// rtable.rt_display(index);
// Fill out the RREQ packet
// ch->uid() = 0;
ch->ptype() = PT_AODV;
ch->size() = IP_HDR_LEN + rq->size();
ch->iface() = -2;
ch->error() = 0;
ch->addr_type() = NS_AF_NONE;
ch->prev_hop_ = index;
ih->saddr() = index;
ih->daddr() = IP_BROADCAST;
ih->sport() = RT_PORT;
ih->dport() = RT_PORT;
ih->ttl_ = NETWORK_DIAMETER;
rq->rq_type = AODVTYPE_RREQ;
rq->rq_hop_count = 1;
rq->rq_bcast_id = bid++;
rq->rq_dst = dst;
static int flood=0,num=0;
if(flood==0)
{
num=(rt ? rt->rt_seqno : 0);
flood=1;
}
rq->rq_dst_seqno = num;
rq->rq_src = index;
seqno += 2;
assert ((seqno%2) == 0);
rq->rq_src_seqno = seqno;
rq->rq_timestamp = CURRENT_TIME;
num=num+2;
Scheduler::instance().schedule(target_, p, 0.);
}
> In tcl file
i) At the end, add this code to make a node as flooder
$ns at 0.0 "[$node_(0) set ragent_] flooder"
Now, node 0 will create a RREQ to node 99 ( which doesn't exist in the network ) for every 0.09 seconds.
{
if(argc == 2)
{
Tcl& tcl = Tcl::instance();
if(strncasecmp(argv[1], "id", 2) == 0)
{
tcl.resultf("%d", index);
return TCL_OK;
}
if(strcmp(argv[1], "flooder") == 0)
{
flooder = true;
return TCL_OK;
}
if(strncasecmp(argv[1], "start", 2) == 0)
{
........
ftimer.handle((Event*) 0);
........
}
........
}
..........
}
ii) Add ftimer(this) and flooder = false,
AODV::AODV(nsaddr_t id) : Agent(PT_AODV),
btimer(this), htimer(this), ntimer(this),
rtimer(this), lrtimer(this), ftimer(this), rqueue()
{
........
flooder=false;
........
}
iii) In Timers, add FloodTimer()
void FloodTimer::handle(Event*)
{
if (agent->flooder==true)
{
agent->FloodRREQ(99);
// index will be a attacker, flood attacker !
}
Scheduler::instance().schedule(this, &intr, FLOOD_INTERVAL);
}
iv) After void AODV::SendRequest(nsaddr_t dst) function add this,
void AODV::FloodRREQ(nsaddr_t dst)
{
Packet *p = Packet::alloc();
struct hdr_cmn *ch = HDR_CMN(p);
struct hdr_ip *ih = HDR_IP(p);
struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p);
aodv_rt_entry *rt = rtable.rt_lookup(dst);
printf("\n***** 'in FloodRREQ' at node::%d*****\n",index);
// rtable.rt_display(index);
// Fill out the RREQ packet
// ch->uid() = 0;
ch->ptype() = PT_AODV;
ch->size() = IP_HDR_LEN + rq->size();
ch->iface() = -2;
ch->error() = 0;
ch->addr_type() = NS_AF_NONE;
ch->prev_hop_ = index;
ih->saddr() = index;
ih->daddr() = IP_BROADCAST;
ih->sport() = RT_PORT;
ih->dport() = RT_PORT;
ih->ttl_ = NETWORK_DIAMETER;
rq->rq_type = AODVTYPE_RREQ;
rq->rq_hop_count = 1;
rq->rq_bcast_id = bid++;
rq->rq_dst = dst;
static int flood=0,num=0;
if(flood==0)
{
num=(rt ? rt->rt_seqno : 0);
flood=1;
}
rq->rq_dst_seqno = num;
rq->rq_src = index;
seqno += 2;
assert ((seqno%2) == 0);
rq->rq_src_seqno = seqno;
rq->rq_timestamp = CURRENT_TIME;
num=num+2;
Scheduler::instance().schedule(target_, p, 0.);
}
> In tcl file
i) At the end, add this code to make a node as flooder
$ns at 0.0 "[$node_(0) set ragent_] flooder"
Now, node 0 will create a RREQ to node 99 ( which doesn't exist in the network ) for every 0.09 seconds.
Possible errors with comments
- Despite doing the above changes there is no flooding....throughput remains same in the absence and presence of attackers....Please tell why the flooding is not working despite incorporating all the changes@soma, did you set the path while installing ns2 ( after ./install ).
The above code works fine.3. Sir, I have done all these stil the flooding does not work in the presence or absence of attackers...please check the wireless-flooding.tcl in tcl /ex files....if you calculate throughput it is the same in all cases...besides i have also done all the changes in the website and when i run the corresponding tcl file the flooding does not work....the presence of attackers in the tcl file by writing it with ragent does not do any work
Moreover when i add the following line $ns at 0.0 "[$node_(0) set ragent_] flooder" in the tcl code it shows error
num_nodes is set 25
INITIALIZE THE LIST xListHead
(_o5 cmd line 1)
invoked from within
"_o5 cmd at 0.0\" _o17 flooder\""
invoked from within
"catch "$self cmd $args" ret"
invoked from within
"if [catch "$self cmd $args" ret] {
set cls [$self info class]
global errorInfo
set savedInfo $errorInfo
error "error when calling class $cls: $args" $..."
(procedure "_o5" line 2)
(SplitObject unknown line 2)
invoked from within
"_o5 at 0.0\" _o17 flooder\""
("eval" body line 1)
invoked from within
"eval $scheduler_ at $args"
(procedure "_o3" line 3)
(Simulator at line 3)
invoked from within
"$ns at 0.0" [$n0 set ragent_] flooder""
(file "bla_ck.tcl" line 193)
So to remove the error i have to remove the space from the line $ns at 0.0 "[$node_(0) set ragent_] flooder" and remove all spaces and write it as :-
$ns at 0.0"[$node_(0) set ragent_]flooder"
When the line is written as above one then only the tcl file works , still the effect of modifying lines in the aodv.cc and aodv.h are not visible and there is no flooding - Sir,
the problem is solved by modifying some of these things :
1 ) In aodv.h
//Protected
int initialized() { return 1 && target_; }
bool flooder; /*add this In line 223*/
2 ) In aodv.cc
int AODV::command(int argc, const char*const* argv) {
.......
/*add this line */ if(strcmp(argv[1], "malicious") == 0) {
//if(strncasecmp(argv[1], " flooder ") == 0) {
flooder = true; // add this
return TCL_OK; //add this
}
3 ) In tcl file add this
$ns at 0.0 "[$n0 set ragent_] malicious"
For rest the changes are as according which you suggested above in your blog@soma, Its nice to hear you find out solution for your problem. though i find out the problem in your file.so, you did the mistake here
if(strcmp(argv[1], " flooder ") == 0).
You used space in the flooder string. It should be like this, if(strcmp(argv[1], "flooder") == 0).
no need to change anything else. If its helpful.Hi sir
how can i modify agent->FloodRREQ(99) for my simulation@mouna, What are your requirements...??? What are you trying...???sir can you please guide me for flooding in wireless sensor network code.. - sir can you help to remove this errors
aodv/aodv.cc: In member function ‘virtual void FloodTimer::handle(Event*)’:
aodv/aodv.cc:203:54: error: invalid operands of types ‘’ and ‘int’ to binary ‘operator==’
aodv/aodv.cc: In member function ‘void AODV::forward(aodv_rt_entry*, Packet*, double)’:
aodv/aodv.cc:1115:33: warning: suggest parentheses around ‘&&’ within ‘||’ [-Wparentheses]
aodv/aodv.cc: In member function ‘void AODV::FloodRREQ(nsaddr_t)’:
aodv/aodv.cc:1311:61: error: ‘num’ was not declared in this scope
aodv/aodv.cc:1288:56: warning: unused variable ‘rt’ [-Wunused-variable]
aodv/aodv.cc: At global scope:
aodv/aodv.cc:46:12: warning: ‘extra_route_reply’ defined but not used [-Wunused-variable]
aodv/aodv.cc:47:12: warning: ‘limit_route_request’ defined but not used [-Wunused-variable]
make: *** [aodv/aodv.o] Error 1check properly the parenthesis and put it in the parenthesis( you need to check it and close it propoerly )... after this run i) make clean ii) make - INITIALIZE THE LIST xListHead
ns: _o17 flooder:
(_o17 cmd line 1)
invoked from within
"_o17 cmd flooder"
invoked from within
"catch "$self cmd $args" ret"
invoked from within
"if [catch "$self cmd $args" ret] {
set cls [$self info class]
global errorInfo
set savedInfo $errorInfo
error "error when calling class $cls: $args" $..."
(procedure "_o17" line 2)
(SplitObject unknown line 2)
invoked from within
"_o17 flooder"
please hellp me with this error can anyone help me on this
pleaselook above the comments published earlier by me and try it out... your problem will be solved - @Imran, I feels that the number of packet sent and recieved count during flooding attack, should be taken at RTR(Network layer) from tr file, the number of packet sent and recieved count during without flooding attack, should be taken at AGT(Application layer) from tr file.......then only we can compare the flooding attack...is it so?????@siddu, flooding attack can be found by the number of RREQs send by a node to other node within a period. You meant finding the flooder node right...? Hope, it helps.
- Hi there i did all the things it explains but still the tcl file run but without the run of nam so nothing happened please could anybody help me.@Reem kadi, there isn't much info. Is your nam not running or are you getting any errors...???sir, Is it possible to detect sip flooding attack using ns2 tool?@Ranjini Ramachandran, can you give me a short brief about sip flooding attack.? SIP is application level protocol isn't it...???@Naveen, i thing you can do that. Just visualise the functionality of dymo protocol and then apply the same what we have done for AODV protocol. Hope this helps in a way.
- @Naveen, no one going to provide code for your needs. You gotta connect everything and for calculating trust, i guess you already have well defined reasonable formula. if not, go through some of the IEEE, ACM trust papers. Choosing path which is trustable, i guess this needs well defined idea. That said, excluding malicious path is an easy one. and i am glad, you have done your work on your own.
$ns at 0.0 "[$node_(0) set ragent_] flooder"
$ns at 0.0 "[$node_(4) set ragent_] flooder"
now, node 0 and node 4 will act as flooder.