NS2中基于AODV协议实现的请求洪泛攻击
2013-07-07 23:23
453 查看
转载地址:http://narentada.com/what-is-flood-attack-code-for-request-flood-attack-in-aodv-routing-protocol/
Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are
particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. The new DOS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad
hoc networks, such as AODV, DSR. The intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. The injected packet is fake packet, attacker put his own define value
in RREQ packet in order to make this attack for dangerous.
The attacker selects many IP addresses which are not in the networks. No node in the network can answer RREP packets for these RREQ. The attacker successively originates mass RREQ messages for these void IP addresses. The attacker will resend the RREQ packets
without waiting for the RREP or round-trip time. They flood the RREQ messages at particular time interval. Their neighbor nodes don‟t know the route to that destination so rebroadcast RREQ. Attacker constantly injects false RREQ packets into the network.
Due to false generation, attacker can introduce a new DOS attack to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. If attacker is out of control it will flood the entire network and degrade the performance
of Manet‟s very high extent.
Motivation to prevent flood attack
Flooding RREQ packets in the whole network will consume a lot of resource of network. To reduce congestion in a network, the AODV protocol adopts some methods. A node can not originate more than RREQ_RATELIMIT RREQ messages per second. After broadcasting a
RREQ, a node waits for a RREP. If a route is not received within round-trip milliseconds, the node may try again to discover a route by broadcasting another RREQ, up to a maximum of retry times at the maximum TTL value. In the Flooding attack, the attack
node violates the above rules to exhaust the network resource. Firstly, the attacker selects many IP addresses which are not in the networks if he knows the scope of IP address in the networks. Because no node can answer RREP packets for these RREQ, the reverse
route in the route table of node will be conserved for longer. The attacker can select random IP addresses if he cannot know scope of IP address.Secondly, the attacker successively originates mass RREQ messages for these void IP addresses. The attacker tries
to send excessive RREQ without considering Request rate limit within per second.
I have implemented a code for adding flood attack in Mobile ad-hoc network. For flooding entire network with request packet I have taken one flood timer which continuously send request packet to his neighbor. For adding flood timer code is below, add the ftimer
class in the constructor. This change should be done in AODV.cc file
timer class. And also define the flood interval at very begining for aodv.h file, just like below. Here flood timer is 0.09 sec. every 0.09 second attacker will
send the request packet to his neighbor.
adding flood timer now add the flood attacker logic. which send the fake request packet into the network. add it to below sendrequest function of AODV.cc
Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are
particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. The new DOS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad
hoc networks, such as AODV, DSR. The intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. The injected packet is fake packet, attacker put his own define value
in RREQ packet in order to make this attack for dangerous.
The attacker selects many IP addresses which are not in the networks. No node in the network can answer RREP packets for these RREQ. The attacker successively originates mass RREQ messages for these void IP addresses. The attacker will resend the RREQ packets
without waiting for the RREP or round-trip time. They flood the RREQ messages at particular time interval. Their neighbor nodes don‟t know the route to that destination so rebroadcast RREQ. Attacker constantly injects false RREQ packets into the network.
Due to false generation, attacker can introduce a new DOS attack to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. If attacker is out of control it will flood the entire network and degrade the performance
of Manet‟s very high extent.
Motivation to prevent flood attack
Flooding RREQ packets in the whole network will consume a lot of resource of network. To reduce congestion in a network, the AODV protocol adopts some methods. A node can not originate more than RREQ_RATELIMIT RREQ messages per second. After broadcasting a
RREQ, a node waits for a RREP. If a route is not received within round-trip milliseconds, the node may try again to discover a route by broadcasting another RREQ, up to a maximum of retry times at the maximum TTL value. In the Flooding attack, the attack
node violates the above rules to exhaust the network resource. Firstly, the attacker selects many IP addresses which are not in the networks if he knows the scope of IP address in the networks. Because no node can answer RREP packets for these RREQ, the reverse
route in the route table of node will be conserved for longer. The attacker can select random IP addresses if he cannot know scope of IP address.Secondly, the attacker successively originates mass RREQ messages for these void IP addresses. The attacker tries
to send excessive RREQ without considering Request rate limit within per second.
I have implemented a code for adding flood attack in Mobile ad-hoc network. For flooding entire network with request packet I have taken one flood timer which continuously send request packet to his neighbor. For adding flood timer code is below, add the ftimer
class in the constructor. This change should be done in AODV.cc file
AODV::AODV(nsaddr_t id) : Agent(PT_AODV), btimer(this), htimer(this), ntimer(this),rtimer(this), lrtimer(this),ftimer(this),ctimer(this),rqueue()增加下列代码在BroadcastTimer之后:
//Added by NVT void FloodTimer::handle(Event*) { //agent->nimble=true; if (index == 1 ) { agent->FloodRREQ(99); // node 1 will be a attacker, flood attacker ! } Scheduler::instance().schedule(this, &intr, FLOOD_INTERVAL); }now change the AODV.h file , add the flood timer class above broadcast
timer class. And also define the flood interval at very begining for aodv.h file, just like below. Here flood timer is 0.09 sec. every 0.09 second attacker will
send the request packet to his neighbor.
#define FLOOD_INTERVAL 0.09
class FloodTimer : public Handler { public: FloodTimer(AODV* a): agent(a){} void handle(Event*); private: AODV *agent; Event intr; };After adding this
adding flood timer now add the flood attacker logic. which send the fake request packet into the network. add it to below sendrequest function of AODV.cc
//Added by NVT void AODV::FloodRREQ(nsaddr_t dst){ //printf(""); Packet *p = Packet::alloc(); struct hdr_cmn *ch = HDR_CMN(p); struct hdr_ip *ih = HDR_IP(p); struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p); aodv_rt_entry *rt = rtable.rt_lookup(dst); //printf("\nrt_flags======%d\n",rt->rt_flags); printf("\n**********************in 'in FloodRREQ' at node::%d*****************************",index); rtable.rt_display(index); // Fill out the RREQ packet // ch->uid() = 0; ch->ptype() = PT_AODV; ch->size() = IP_HDR_LEN + rq->size(); ch->iface() = -2; ch->error() = 0; ch->addr_type() = NS_AF_NONE; ch->prev_hop_ = index; ih->saddr() = index; ih->daddr() = IP_BROADCAST; ih->sport() = RT_PORT; ih->dport() = RT_PORT; ih->ttl_ = NETWORK_DIAMETER; // Fill up some more fields. //printf("\n Fill up some more fields in SENDrequest functin\n"); rq->rq_type = AODVTYPE_RREQ; rq->rq_hop_count = 1; rq->rq_bcast_id = bid++; rq->rq_dst = dst; rq->rq_dst_seqno = num; rq->rq_src = index; seqno += 2; assert ((seqno%2) == 0); rq->rq_src_seqno = seqno; rq->rq_timestamp = CURRENT_TIME; num=num+2; Scheduler::instance().schedule(target_, p, 0.); }
相关文章推荐
- NS2中基于AODV协议的请求洪泛攻击防御
- 在NS2 AODV协议中添加blackhole attacker(黑洞攻击)
- ns2下完善基于AODV的TDMA协议
- 在NS2 AODV协议中添加blackhole attacker(黑洞攻击) [转载]
- 基于NS2的网络路由协议仿真(AODV、COPE+AODV)
- Url请求长度HTTP协议不对URI的长度作事先的限制,服务器必须能够处理任何他们提供资源的URI,并且应该能够处理无限长度的URIs,这种无效长度的URL可能会在客户端以基于GET方式的请求时产生。
- 基于.Net Framework 4.0 Web API开发(5):ASP.NET Web APIs AJAX 跨域请求解决办法(CORS实现)
- java基于包结构的请求路由实现实例分享
- 02.HTTP协议之客户端实现(POST请求)
- tomcat实现http协议中的请求方法
- Mocha NTA基于单采集器实现的多种流协议分析
- 在 Android 的 IM 应用中使用 asmack 库实现用户头像的传输(基于VCard协议)
- 在J2ME中实现基于UDP协议通讯程序
- [C# 网络编程系列]专题十一:实现一个基于FTP协议的程序——文件上传下载器
- 基于MODBUS 协议的CRC16程序实现
- 基于node实现websocket协议
- python基于protobu+websocket+tornado实现多种二进制协议消息的接收发送和解析demo
- 基于CORS 为Jfainl实现跨域请求
- linux 下基于特定通信协议利用多线程同步通信机制实现的串口通信
- 利用socket自己实现基于HTTP协议的Web服务器