MRECW Students E- Learning Point Computer Security Student (CSS)

Sunday 2 November 2014

How to Creation of Flooding Attack in NS2 AODV ?

Short Note on Flooding Attack :

Malicious Node will create a more no of RREQ to a node, which is even doesn't exist in the network topology. This is how malicious node, start to flood the request in the network. The purpose of this attack is to consume the network bandwidth and to exhaust the network resources all the time.

Steps :

> In aodv.h,

i) #define FLOOD_INTERVAL 0.09

ii) Add this, after BroadcastTimer class

class FloodTimer : public Handler

{

public:

FloodTimer(AODV* a): agent(a){}

void handle(Event*);

private:

AODV *agent;

Event intr;

};

iii) class AODV: public Agent

{

...........

friend class FloodTimer;

...........

Protected:

............

* Packet TX Routines

void FloodRREQ(nsaddr_t dst);

............

nsaddr_t index; // IP Address of this node

u_int32_t seqno; // Sequence Number

int bid; // Broadcast ID

bool flooder;

* Timers

FloodTimer ftimer;

............

};

> In aodv.cc,

i) int AODV::command(int argc, const char*const* argv)
{
if(argc == 2)
{
Tcl& tcl = Tcl::instance();

if(strncasecmp(argv[1], "id", 2) == 0)
{
tcl.resultf("%d", index);
   return TCL_OK;
}

if(strcmp(argv[1], "flooder") == 0)
{
  flooder = true;
  return TCL_OK;
}

if(strncasecmp(argv[1], "start", 2) == 0)
  {
........
ftimer.handle((Event*) 0);
   ........
}
........
}
..........
}

ii) Add ftimer(this) and flooder = false,

  AODV::AODV(nsaddr_t id) : Agent(PT_AODV),
btimer(this), htimer(this), ntimer(this),
rtimer(this), lrtimer(this), ftimer(this), rqueue()
{
   ........
flooder=false;
  ........
}

  iii) In Timers, add FloodTimer()

void FloodTimer::handle(Event*)
{
if (agent->flooder==true)
{
agent->FloodRREQ(99);
// index will be a attacker, flood attacker !
}
Scheduler::instance().schedule(this, &intr, FLOOD_INTERVAL);
}

iv) After void AODV::SendRequest(nsaddr_t dst) function add this,

void AODV::FloodRREQ(nsaddr_t dst)
{
Packet *p = Packet::alloc();
struct hdr_cmn *ch = HDR_CMN(p);
struct hdr_ip *ih = HDR_IP(p);
  struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p);
  aodv_rt_entry *rt = rtable.rt_lookup(dst);

printf("\n***** 'in FloodRREQ' at node::%d*****\n",index);
  // rtable.rt_display(index);
// Fill out the RREQ packet
// ch->uid() = 0;
   ch->ptype() = PT_AODV;
   ch->size() = IP_HDR_LEN + rq->size();
   ch->iface() = -2;
ch->error() = 0;
   ch->addr_type() = NS_AF_NONE;
ch->prev_hop_ = index;

   ih->saddr() = index;
   ih->daddr() = IP_BROADCAST;
  ih->sport() = RT_PORT;
ih->dport() = RT_PORT;
ih->ttl_ = NETWORK_DIAMETER;
   rq->rq_type = AODVTYPE_RREQ;
rq->rq_hop_count = 1;
rq->rq_bcast_id = bid++;
rq->rq_dst = dst;
static int flood=0,num=0;
if(flood==0)
{
  num=(rt ? rt->rt_seqno : 0);
flood=1;
}
rq->rq_dst_seqno = num;
rq->rq_src = index;
seqno += 2;
assert ((seqno%2) == 0);
rq->rq_src_seqno = seqno;
rq->rq_timestamp = CURRENT_TIME;
num=num+2;
Scheduler::instance().schedule(target_, p, 0.);
}

> In tcl file
i) At the end, add this code to make a node as flooder
$ns at 0.0 "[$node_(0) set ragent_] flooder"

Now, node 0 will create a RREQ to node 99 ( which doesn't exist in the network ) for every 0.09 seconds.

Possible errors with comments

Please tell about the tcl file for flooding which has to be written after modifying the tcl files

How can i add more than 1 flooding node

you only need to add another line in tcl file that's it.
$ns at 0.0 "[$node_(0) set ragent_] flooder"
$ns at 0.0 "[$node_(4) set ragent_] flooder"
now, node 0 and node 4 will act as flooder.
Despite doing the above changes there is no flooding....throughput remains same in the absence and presence of attackers....Please tell why the flooding is not working despite incorporating all the changes

@soma, did you set the path while installing ns2 ( after ./install ).
The above code works fine.

3. Sir, I have done all these stil the flooding does not work in the presence or absence of attackers...please check the wireless-flooding.tcl in tcl /ex files....if you calculate throughput it is the same in all cases...besides i have also done all the changes in the website and when i run the corresponding tcl file the flooding does not work....the presence of attackers in the tcl file by writing it with ragent does not do any work

Moreover when i add the following line $ns at 0.0 "[$node_(0) set ragent_] flooder" in the tcl code it shows error
num_nodes is set 25
INITIALIZE THE LIST xListHead

(_o5 cmd line 1)
invoked from within
"_o5 cmd at 0.0\" _o17 flooder\""
invoked from within
"catch "$self cmd $args" ret"
invoked from within
"if [catch "$self cmd $args" ret] {
set cls [$self info class]
global errorInfo
set savedInfo $errorInfo
error "error when calling class $cls: $args" $..."
(procedure "_o5" line 2)
(SplitObject unknown line 2)
invoked from within
"_o5 at 0.0\" _o17 flooder\""
("eval" body line 1)
invoked from within
"eval $scheduler_ at $args"
(procedure "_o3" line 3)
(Simulator at line 3)
invoked from within
"$ns at 0.0" [$n0 set ragent_] flooder""
(file "bla_ck.tcl" line 193)

So to remove the error i have to remove the space from the line $ns at 0.0 "[$node_(0) set ragent_] flooder" and remove all spaces and write it as :-
$ns at 0.0"[$node_(0) set ragent_]flooder"

When the line is written as above one then only the tcl file works , still the effect of modifying lines in the aodv.cc and aodv.h are not visible and there is no flooding
Hello Imran I need a tcl script to simulate a wired network with flooding DDos attack...Thanks

@rajeshwar, ns-2.35/tcl/ex/flooding.tcl file will work good.
Sir,
the problem is solved by modifying some of these things :
1 ) In aodv.h
//Protected
int initialized() { return 1 && target_; }
bool flooder; /*add this In line 223*/
2 ) In aodv.cc
int AODV::command(int argc, const char*const* argv) {
.......
/*add this line */ if(strcmp(argv[1], "malicious") == 0) {
//if(strncasecmp(argv[1], " flooder ") == 0) {
flooder = true; // add this
return TCL_OK; //add this
}
3 ) In tcl file add this
$ns at 0.0 "[$n0 set ragent_] malicious"

For rest the changes are as according which you suggested above in your blog

@soma, Its nice to hear you find out solution for your problem. though i find out the problem in your file.so, you did the mistake here
if(strcmp(argv[1], " flooder ") == 0).
You used space in the flooder string. It should be like this, if(strcmp(argv[1], "flooder") == 0).
no need to change anything else. If its helpful.

Hi sir
how can i modify agent->FloodRREQ(99) for my simulation

@mouna, What are your requirements...??? What are you trying...???

sir can you please guide me for flooding in wireless sensor network code..
sir can you help to remove this errors

aodv/aodv.cc: In member function ‘virtual void FloodTimer::handle(Event*)’:
aodv/aodv.cc:203:54: error: invalid operands of types ‘’ and ‘int’ to binary ‘operator==’
aodv/aodv.cc: In member function ‘void AODV::forward(aodv_rt_entry*, Packet*, double)’:
aodv/aodv.cc:1115:33: warning: suggest parentheses around ‘&&’ within ‘||’ [-Wparentheses]
aodv/aodv.cc: In member function ‘void AODV::FloodRREQ(nsaddr_t)’:
aodv/aodv.cc:1311:61: error: ‘num’ was not declared in this scope
aodv/aodv.cc:1288:56: warning: unused variable ‘rt’ [-Wunused-variable]
aodv/aodv.cc: At global scope:
aodv/aodv.cc:46:12: warning: ‘extra_route_reply’ defined but not used [-Wunused-variable]
aodv/aodv.cc:47:12: warning: ‘limit_route_request’ defined but not used [-Wunused-variable]
make: *** [aodv/aodv.o] Error 1

check properly the parenthesis and put it in the parenthesis( you need to check it and close it propoerly )... after this run i) make clean ii) make
INITIALIZE THE LIST xListHead
ns: _o17 flooder:
(_o17 cmd line 1)
invoked from within
"_o17 cmd flooder"
invoked from within
"catch "$self cmd $args" ret"
invoked from within
"if [catch "$self cmd $args" ret] {
set cls [$self info class]
global errorInfo
set savedInfo $errorInfo
error "error when calling class $cls: $args" $..."
(procedure "_o17" line 2)
(SplitObject unknown line 2)
invoked from within
"_o17 flooder"
please hellp me with this error can anyone help me on this
please

look above the comments published earlier by me and try it out... your problem will be solved
@Imran, I feels that the number of packet sent and recieved count during flooding attack, should be taken at RTR(Network layer) from tr file, the number of packet sent and recieved count during without flooding attack, should be taken at AGT(Application layer) from tr file.......then only we can compare the flooding attack...is it so?????

@siddu, flooding attack can be found by the number of RREQs send by a node to other node within a period. You meant finding the flooder node right...? Hope, it helps.
Hi there i did all the things it explains but still the tcl file run but without the run of nam so nothing happened please could anybody help me.

@Reem kadi, there isn't much info. Is your nam not running or are you getting any errors...???

sir, Is it possible to detect sip flooding attack using ns2 tool?

@Ranjini Ramachandran, can you give me a short brief about sip flooding attack.? SIP is application level protocol isn't it...???

@Naveen, i thing you can do that. Just visualise the functionality of dymo protocol and then apply the same what we have done for AODV protocol. Hope this helps in a way.
@Naveen, no one going to provide code for your needs. You gotta connect everything and for calculating trust, i guess you already have well defined reasonable formula. if not, go through some of the IEEE, ACM trust papers. Choosing path which is trustable, i guess this needs well defined idea. That said, excluding malicious path is an easy one. and i am glad, you have done your work on your own.

Node placement in ns2 AODV (or) Random Distribution of nodes in ns2 (or) Create a 100 nodes in ns2 AODV

How to place Random Placement of Nodes in MANET:

Placement of nodes in the topography can be static or uniform or random. In static method, we use a list of predefined values for nodes placement. But, in Random Distribution, nodes are placed randomly within the topography. Using rand() function, we can implement the random distribution of nodes placement in ns2. We can create any number of nodes using this method.

Code:

> In tcl file,
for { set j 0 } { $j < $val(nn) } { incr j } {
  set node_($j) [$ns node]
  $node_($j) set X_ [expr {rand()*1000}]
  $node_($j) set Y_ [expr {rand()*500}]
  $node_($j) set Z_ [expr {0.0}]
}

> The above code works for 1000 x 500 Topography.

Note :
rand() * 1000 gives values between 0 to 1000.

In Ns2 How to create your own packet

My own packet:

Since i am getting a lot of messages related to creating your own packet in aodv, i am going to write another post explaining about packet creation and how to add tracing information in cmu_trace.cc.

i) Create your own packet in aodv-packet.h

/* =====================================================================

Packet Formats...

===================================================================== */

#define AODVTYPE_HELLO 0x01

#define AODVTYPE_RREQ 0x02

#define AODVTYPE_RREP 0x04

#define AODVTYPE_RERR 0x08

#define AODVTYPE_RREP_ACK 0x10

#define AODVTYPE_MYREQ 0x20

#define AODVTYPE_MYREP 0x40

...

* AODV Routing Protocol Header Macros

#define HDR_AODV(p) ((struct hdr_aodv*)hdr_aodv::access(p))

#define HDR_AODV_REQUEST(p) ((struct hdr_aodv_request*)hdr_aodv::access(p))

#define HDR_AODV_REPLY(p) ((struct hdr_aodv_reply*)hdr_aodv::access(p))

///

#define HDR_AODV_MYREQUEST(p) ((struct hdr_aodv_myrequest*)hdr_aodv::access(p))

#define HDR_AODV_MYREPLY(p) ((struct hdr_aodv_myreply*)hdr_aodv::access(p))

....
....

struct hdr_aodv_myrequest {

u_int8_t rq_type; // Packet Type

u_int8_t reserved[2];

nsaddr_t rq_dst; // Destination IP Address

nsaddr_t rq_src; // Source IP Address

nsaddr_t trust_on; // Node on which, we want to know the trust

double rq_timestamp; // when REQUEST sent;

// used to compute route discovery latency

//#define RREQ_GRAT_RREP 0x80

inline int size() {

int sz = 0;

sz = sizeof(u_int8_t) // rq_type

+ 2*sizeof(u_int8_t) // reserved

+ sizeof(u_int8_t) // rq_hop_count

+ sizeof(double) // rq_timestamp

+ sizeof(u_int32_t) // rq_bcast_id

+ sizeof(nsaddr_t) // rq_dst

+ sizeof(u_int32_t) // rq_dst_seqno

+ sizeof(nsaddr_t) // rq_src

+ sizeof(u_int32_t); // rq_src_seqno

sz = 7*sizeof(u_int32_t);

assert (sz >= 0);

return sz;

}

};

struct hdr_aodv_myreply {

u_int8_t rp_type; // Packet Type

u_int8_t reserved[2];

nsaddr_t rp_dst; // Destination IP Address

nsaddr_t rp_src; // Source IP Address

nsaddr_t trust_on; // Node on which, we want to know the trust

double rp_lifetime; // Lifetime

double trust_val;

double rp_timestamp; // when corresponding REQ sent;

// used to compute route discovery latency

inline int size() {

int sz = 0;

sz = sizeof(u_int8_t) // rp_type

+ 2*sizeof(u_int8_t) // rp_flags + reserved

+ sizeof(u_int8_t) // rp_hop_count

+ sizeof(double) // rp_timestamp

+ sizeof(nsaddr_t) // rp_dst

+ sizeof(u_int32_t) // rp_dst_seqno

+ sizeof(nsaddr_t) // rp_src

+ sizeof(u_int32_t); // rp_lifetime

sz = 6*sizeof(u_int32_t);

assert (sz >= 0);

return sz;

}

};

....

ii) In aodv.cc

....

void AODV::recvAODV(Packet *p)

{

struct hdr_aodv *ah = HDR_AODV(p);

assert(HDR_IP (p)->sport() == RT_PORT);

assert(HDR_IP (p)->dport() == RT_PORT);

* Incoming Packets.

///

switch(ah->ah_type)

{

case AODVTYPE_RREQ:

recvRequest(p);

break;

case AODVTYPE_RREP:

recvReply(p);

break;

case AODVTYPE_MYREQ:

recvMyRequest(p);

break;

case AODVTYPE_MYREP:

recvMyReply(p);

break;

....
....

void AODV::recvMyRequest(Packet *p)

{

struct hdr_aodv_myrequest *rq = HDR_AODV_MYREQUEST(p);

// Get the trust value from rq->rq_dst i.e index

MobileNode *iNode;

iNode=(MobileNode *) (Node::get_node_by_address(index));

double tval = iNode->neigh_trust[rq->trust_on];

// Re-initialize the neighbor trust

iNode->neigh_trust[rq->trust_on] = 0;

sendMyReply(rq->rq_src, // IP Destination

index, // Dest IP Address

rq->trust_on, // Node on which, we want to know the trust

MY_ROUTE_TIMEOUT, // Lifetime

rq->rq_timestamp, // Timestamp

tval); // Trust value

Packet::free(p);

// drop the myreq packet and create a reply packet

}

void AODV::recvMyReply(Packet *p)

{

struct hdr_ip *ih = HDR_IP(p);

struct hdr_aodv_myreply *rp = HDR_AODV_MYREPLY(p);

temp_trust[rp->rp_src][rp->trust_on] = rp->trust_val;

fprintf(fp,"\n%d on %d is %lf by %d at %lf",rp->rp_src,rp->trust_on,rp->trust_val,index,CURRENT_TIME);

Packet::free(p);

}

....

void AODV::sendMyRequest(nsaddr_t dst, nsaddr_t trust_n)

{

// printf("\nsend trust req to %d %d by %d at %lf\n",dst,trust_n,index,CURRENT_TIME);

// Allocate a RREQ packet

Packet *p = Packet::alloc();

struct hdr_cmn *ch = HDR_CMN(p);

struct hdr_ip *ih = HDR_IP(p);

struct hdr_aodv_myrequest *rq = HDR_AODV_MYREQUEST(p);

// Fill out the MYREQ packet

// ch->uid() = 0;

ch->ptype() = PT_AODV;

ch->size() = IP_HDR_LEN + rq->size();

ch->iface() = -2;

ch->error() = 0;

ch->addr_type() = NS_AF_NONE;

ch->prev_hop_ = index; // AODV hack

ch->next_hop_ = dst;

ih->saddr() = index;

ih->daddr() = dst;

ih->sport() = RT_PORT;

ih->dport() = RT_PORT;

// Fill up some more fields.

rq->rq_type = AODVTYPE_MYREQ;

rq->rq_dst = dst;

rq->rq_src = index;

rq->trust_on = trust_n;

rq->rq_timestamp = CURRENT_TIME;

Scheduler::instance().schedule(target_, p, 0.);

}

....

void AODV::sendMyReply(nsaddr_t ipdst, nsaddr_t rpdst, nsaddr_t trust_n, u_int32_t lifetime, double timestamp, double trust_v)

{

Packet *p = Packet::alloc();

struct hdr_cmn *ch = HDR_CMN(p);

struct hdr_ip *ih = HDR_IP(p);

struct hdr_aodv_myreply *rp = HDR_AODV_MYREPLY(p);

rp->rp_type = AODVTYPE_MYREP;

rp->rp_dst = ipdst;

rp->rp_src = index;

rp->trust_on = trust_n;

rp->trust_val = trust_v;

rp->rp_lifetime = lifetime;

rp->rp_timestamp = timestamp;

// ch->uid() = 0;

ch->ptype() = PT_AODV;

ch->size() = IP_HDR_LEN + rp->size();

ch->iface() = -2;

ch->error() = 0;

ch->addr_type() = NS_AF_INET;

ch->next_hop_ = ipdst;

ch->prev_hop_ = index; // AODV hack

ch->direction() = hdr_cmn::DOWN;

ih->saddr() = index;

ih->daddr() = ipdst;

ih->sport() = RT_PORT;

ih->dport() = RT_PORT;

ih->ttl_ = NETWORK_DIAMETER;

Scheduler::instance().schedule(target_, p, 0.);

}

....

// calling sendMyRequest() function

// inside

// in my use case

sendMyRequest(i,j);

iii) Include all the function declaration in aodv.h

iv) Adding tracing info in cmu-trace.cc file

...

void

CMUTrace::format_aodv(Packet *p, int offset)

{

struct hdr_aodv *ah = HDR_AODV(p);

struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p);

struct hdr_aodv_reply *rp = HDR_AODV_REPLY(p);

struct hdr_aodv_myrequest *trq = HDR_AODV_MYREQUEST(p);

struct hdr_aodv_myreply *trp = HDR_AODV_MYREPLY(p);

switch(ah->ah_type) {

case AODVTYPE_RREQ:

....

case AODVTYPE_MYREQ:

if (pt_->tagged()) {

sprintf(pt_->buffer() + offset,

"-aodv:t %x -aodv:d %d -aodv:s %d -aodv:o %d"

"-aodv:c REQUEST ",

trq->rq_type,

trq->rq_dst,

trq->rq_src,

trq->trust_on);

} else if (newtrace_) {

sprintf(pt_->buffer() + offset,

"-P aodv -Pt 0x%x -Pd %d -Ps %d -Po %d -Pc REQUEST ",

trq->rq_type,

trq->rq_dst,

trq->rq_src,

trq->trust_on);

} else {

sprintf(pt_->buffer() + offset,

"[0x%x [%d] [%d]] (REQUEST)",

trq->rq_type,

trq->rq_dst,

trq->rq_src,

trq->trust_on);

}

break;

case AODVTYPE_RREP:

case AODVTYPE_HELLO:

case AODVTYPE_RERR:

....

break;

case AODVTYPE_MYREP:

if (pt_->tagged()) {

sprintf(pt_->buffer() + offset,

"-aodv:t %x -aodv:d %d -aodv:o %d"

"-aodv:l %f -aodv:v %f -aodv:c %s ",

trp->rp_type,

trp->rp_dst,

trp->trust_on,

trp->rp_lifetime,

trp->trust_val,

"MYREPLY");

} else if (newtrace_) {

sprintf(pt_->buffer() + offset,

"-P aodv -Pt 0x%x -Pd %d -Po %d -Pl %f -Pv %f -Pc %s ",

trp->rp_type,

trp->rp_dst,

trp->trust_on,

trp->rp_lifetime,

trp->trust_val,

"REPLY");

} else {

sprintf(pt_->buffer() + offset,

"[0x%x [%d] %d %f %f] (%s)",

trp->rp_type,

trp->rp_dst,

trp->trust_on,

trp->rp_lifetime,

trp->trust_val,

"MYREPLY");

}

break;

default:

#ifdef WIN32

fprintf(stderr,

"CMUTrace::format_aodv: invalid AODV packet type\n");

#else

fprintf(stderr,

"%s: invalid AODV packet type\n", __FUNCTION__);

#endif

abort();

}

v) In ns-2.35/trace/cmu-trace.cc , We need to add tracing information otherwise, we will get a "invalid AODV packet type" error.

vi) Whenever you do changes in aodv files, run all these four commands (Do Not Forget),

./configure

make clean

make

make install

Note: I didn't do everything, but i did give you enough information, to proceed. Try to understand the functionality, then it is much simple. Hope it helps..

Offers

Pages

Sunday 2 November 2014

How to Creation of Flooding Attack in NS2 AODV ?

Node placement in ns2 AODV (or) Random Distribution of nodes in ns2 (or) Create a 100 nodes in ns2 AODV

How to place Random Placement of Nodes in MANET:

Code:

In Ns2 How to create your own packet

My own packet:

Ads

Feedjit