How to Implement ICMP Redirect Attack in NS2

An ICMP redirect attack happens when an attacker sends an ICMP redirect message to a victim, tricking it into changing its routing table. This lets the attacker influence the victim's traffic, often redirecting it through a malicious node. NS2 (Network Simulator 2) does not natively support ICMP, or the handling of ICMP redirect messages in particular. However, we can simulate an ICMP redirect attack by setting up a scenario in which a malicious node tricks another node into rerouting traffic through it. In NS2, we simulate the behaviour of an ICMP redirect attack by manipulating the routing behaviour of a victim node, mimicking the effect of it receiving a redirect message. The basic process is outlined below:

Steps to Implement an ICMP Redirect Attack in NS2:

  1. Set up the network topology: Set up a legitimate communication path between the source and destination nodes.
  2. Simulate normal traffic: Generate regular traffic between the source and destination nodes.
  3. Simulate the ICMP redirect attack: Introduce a malicious node that sends a redirect to the victim node. The redirect is simulated by rerouting the victim's traffic so that it flows through the attacker.
  4. Capture and analyse the results: Record the redirection of traffic and its effect on the network.

Example TCL Script for Simulating an ICMP Redirect Attack in NS2

This example configures a network with a source node (n0), an attacker node (n1), and a destination node (n2). The attacker sends an ICMP-like redirect message to the source node, which causes the source's traffic to flow via the attacker.

TCL Script for NS2 (ICMP Redirect Attack Simulation)

# Create a new simulator instance
set ns [new Simulator]

# Open trace and nam files
set tracefile [open "icmp_redirect_trace.tr" w]
$ns trace-all $tracefile
set namfile [open "icmp_redirect.nam" w]
$ns namtrace-all $namfile

# Define network nodes
set n0 [$ns node]   ;# Source node (legitimate)
set n1 [$ns node]   ;# Attacker node (sends ICMP redirect)
set n2 [$ns node]   ;# Destination node (legitimate)

# Connect the nodes: a direct n0-n2 path plus a path through the attacker
$ns duplex-link $n0 $n2 1Mb 10ms DropTail
$ns duplex-link $n0 $n1 1Mb 10ms DropTail
$ns duplex-link $n1 $n2 1Mb 10ms DropTail

# Create UDP agents for normal traffic from n0 to n2
set udp0 [new Agent/UDP]
set null0 [new Agent/Null]
$ns attach-agent $n0 $udp0
$ns attach-agent $n2 $null0
$ns connect $udp0 $null0

# Create a CBR application for normal traffic
set cbr0 [new Application/Traffic/CBR]
$cbr0 set packetSize_ 512
$cbr0 set rate_ 128Kb
$cbr0 attach-agent $udp0

# Function to simulate the ICMP redirect attack
proc icmp_redirect_attack { attacker victim dest } {
    global ns
    # Overwrite the victim's route to dest so that its next hop is the attacker (n1)
    $victim add-route [$dest id] [[$ns link $victim $attacker] head]
    # Log the redirection event
    puts "ICMP redirect: Traffic from node [$victim id] will now be routed through node [$attacker id] to node [$dest id]"
}

# Start normal traffic
$ns at 1.0 "$cbr0 start"
$ns at 5.0 "$cbr0 stop"

# Schedule the ICMP redirect attack at 2.0 seconds
$ns at 2.0 "icmp_redirect_attack $n1 $n0 $n2"

# Define finish procedure
proc finish {} {
    global ns tracefile namfile
    $ns flush-trace
    close $tracefile
    close $namfile
    exec nam icmp_redirect.nam &
    exit 0
}

# End the simulation at 6.0 seconds
$ns at 6.0 "finish"

# Run the simulation
$ns run

Explanation of the Script:

  1. Network Setup:
    • The source node n0 initially sends its traffic directly to the destination node n2.
    • An attacker node n1 sends an ICMP-like redirect message, tricking n0 into routing its traffic via the attacker node n1.
  2. Simulating Normal Traffic:
    • A UDP connection between the source node n0 and the destination node n2 is established using a CBR (Constant Bit Rate) application, mimicking legitimate traffic flow.
  3. ICMP Redirect Attack Simulation:
    • The function icmp_redirect_attack alters the routing behaviour of the victim (n0), replicating the effect of an ICMP redirect.
    • At time 2.0 seconds, the routing table of n0 is changed so that its traffic to n2 is routed via the attacker node n1.
  4. Trace Files and Visualization:
    • The trace file icmp_redirect_trace.tr logs the traffic redirection, which can be evaluated to assess the effect of the attack.
    • The attack can be visualized with the NAM network animator using the NAM file icmp_redirect.nam.

Customizing the ICMP Redirect Attack

a) Increasing the Number of Victims:

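We can add more victim nodes whose traffic is redirected by the attacker. Each victim's routing table is altered so that its traffic is redirected through the attacker.

set n3 [$ns node]   ;# Another victim node
$ns duplex-link $n3 $n2 1Mb 10ms DropTail   ;# n3's direct path to the destination
$ns duplex-link $n3 $n1 1Mb 10ms DropTail   ;# Path through the attacker
set udp_victim [new Agent/UDP]
$ns attach-agent $n3 $udp_victim
$ns at 3.0 "icmp_redirect_attack $n1 $n3 $n2"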

b) Modifying the Attack Timing:

We can alter the timing of the ICMP redirect to make the attack more stealthy. For instance, we can introduce a delay before the redirect is applied.

$ns at 4.0 "icmp_redirect_attack $n1 $n0 $n2"  ;# Delayed redirect

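c) Logging Traffic after the Redirect:

After the redirect, we can record the traffic to observe whether the victim node is still communicating with the destination, but via the attacker's node.

# Node objects keep no receive counter; count arrivals with an Agent/LossMonitor
# sink, attached and connected at the destination in place of Agent/Null
set sink0 [new Agent/LossMonitor]
proc log_traffic { sink } {
    # npkts_ is the number of packets the LossMonitor has received
    set pkts_received [$sink set npkts_]
    puts "Packets received by the destination: $pkts_received"
}
$ns at 5.5 "log_traffic $sink0"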

Analysing the ICMP Redirect Attack

After running the simulation, we can evaluate the trace file to observe the effect of the ICMP redirect attack:

  • Traffic redirection: Check the trace file to observe when the traffic from the source node n0 starts being routed over the attacker node n1.
  • Packet loss: Check whether any packets are dropped during or after the redirection.
  • Network visualization: We can use the NAM file (icmp_redirect.nam) to visualize how the traffic path changes after the redirect.
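
The trace checks listed above can be automated. The following is an added example, not part of the original tutorial: a Python parser for the NS2 wired trace format that reports when the n0 to n2 flow first crosses n1 and counts deliveries and drops. The sample trace lines are constructed for illustration, and the function name and report fields are assumptions.

```python
# Added example (not from the original tutorial): analyse an NS2 wired trace.
# Columns: event time from to type size flags fid src.port dst.port seq pktid

# Constructed sample lines, not output from a real simulation run.
SAMPLE_TRACE = """\
+ 1.000000 0 2 cbr 512 ------- 0 0.0 2.0 0 0
- 1.000000 0 2 cbr 512 ------- 0 0.0 2.0 0 0
r 1.014096 0 2 cbr 512 ------- 0 0.0 2.0 0 0
+ 2.016000 0 1 cbr 512 ------- 0 0.0 2.0 32 32
- 2.016000 0 1 cbr 512 ------- 0 0.0 2.0 32 32
r 2.030096 0 1 cbr 512 ------- 0 0.0 2.0 32 32
+ 2.030096 1 2 cbr 512 ------- 0 0.0 2.0 32 32
- 2.030096 1 2 cbr 512 ------- 0 0.0 2.0 32 32
r 2.044192 1 2 cbr 512 ------- 0 0.0 2.0 32 32
+ 2.048000 0 1 cbr 512 ------- 0 0.0 2.0 33 33
d 2.048000 0 1 cbr 512 ------- 0 0.0 2.0 33 33
"""

def analyse_trace(lines, src, dst, suspect):
    """Summarise the src->dst flow and report when it first crosses `suspect`."""
    report = {"redirect_time": None, "direct": 0, "via_suspect": 0,
              "delivered": 0, "dropped": 0}
    for line in lines:
        f = line.split()
        if len(f) < 12 or f[0] not in {"+", "-", "r", "d"}:
            continue  # skip blank or non-packet lines
        event, time, hop_from, hop_to = f[0], float(f[1]), f[2], f[3]
        # Addresses are "node.port"; keep only the node part.
        if f[8].split(".")[0] != src or f[9].split(".")[0] != dst:
            continue  # not the flow under inspection
        if event == "d":
            report["dropped"] += 1
        elif event == "r" and hop_to == suspect:
            # The flow reached a node that is neither endpoint: the path changed.
            if report["redirect_time"] is None:
                report["redirect_time"] = time
        elif event == "r" and hop_to == dst:
            report["delivered"] += 1
            if hop_from == src:
                report["direct"] += 1        # arrived over the direct link
            elif hop_from == suspect:
                report["via_suspect"] += 1   # arrived after crossing n1
    return report

if __name__ == "__main__":
    print(analyse_trace(SAMPLE_TRACE.splitlines(), "0", "2", "1"))
```

To run it against a real trace, pass the lines of icmp_redirect_trace.tr instead of SAMPLE_TRACE; a non-empty redirect_time together with a rising via_suspect count marks the point where the path moved onto n1.
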
Advanced Features (Optional)

a) Simulating Multiple Redirects:

We can simulate an attack in which several redirect messages are sent to different nodes to control a large part of the network's traffic.

set n3 [$ns node]
$ns at 3.0 "icmp_redirect_attack $n1 $n3 $n2"  ;# Redirect another node's traffic

b) Detecting the Redirect Attack:

We can simulate a detection mechanism that detects when a redirect has happened and records a warning message or takes action to restore the original route.

proc detect_redirect { node original_route attacker_route } {
    # Check if the route has changed to the attacker's node
    if { $original_route != $attacker_route } {
        puts "Warning: Redirect detected on node $node"
    }
}

$ns at 3.0 "detect_redirect $n0 $n2 $n1"

c) Mitigating the Attack:

We can introduce a mechanism in which the victim node reverts to the original route after detecting the attack.

proc mitigate_redirect { node original_route } {
    global ns
    # Restore the original route: send traffic for original_route over the direct link again
    $node add-route [$original_route id] [[$ns link $node $original_route] head]
    puts "Traffic restored to original route on node [$node id]"
}

$ns at 4.5 "mitigate_redirect $n0 $n2"

The complete process for implementing and analysing the ICMP redirect attack in the NS2 simulation tool has been shown above. Further details on this topic will be given later, if required.
