How to Implement Teardrop Attack in NS2

 

To implement the Teardrop attack in ns2 has numerous steps to follow and basically it is one of the types of Denial-of-Service (DoS) attack in which exploits how fragmented IP packets are reconvened. In a Teardrop attack, the attacker sends malformed, overlapping fragmented packets to a target that leads it to crash or become unstable during the reassembly process.

Since Network Simulator 2 (NS2) does not deliver the low-level packet fragmentation control (as it primarily deals with higher-level simulation of network traffic), we can conceptually mimic a Teardrop-like attack by concentrating on:

  1. Fragmented Packets: To mimic fragmented packets from an attacker that could disturb the receiver.
  2. Overlapping Fragments: Implement the behaviour of fragmented packets arriving in overlapping sequences to mimic on how the Teardrop attack might impact the target.

We can see how to abstractly mimic a Teardrop attack in NS2 by replicating the fragmented traffic and disturbance on the target node.

Steps to Simulate a Teardrop-Like Attack in NS2:

  1. Set Up the Network Topology:
  • Describe the network topology with legitimate nodes and a malicious attacker node.
  • Mimic fragmented packets sent by the attacker to the target node.
  1. Simulate Fragmentation and Overlapping Packets:
  • Since NS2 doesn’t deliver the direct access to IP fragmentation, we need to implement fragmented and overlapping packets by sending small packets with changing sizes and intervals from the attacker node to the target.
  1. Monitor the Network Behavior:
  • Evaluate how the target node manages the fragmented traffic and whether it causes to packet loss or disturbance in legitimate communication.

Tcl Script for Simulating a Teardrop-Like Attack in NS2:

# Create a new simulator

set ns [new Simulator]

# Open trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Define network nodes

set n0 [$ns node]  ;# Legitimate sender node

set n1 [$ns node]  ;# Legitimate receiver node (Target)

set n2 [$ns node]  ;# Malicious attacker node (Teardrop attacker)

# Create duplex links between nodes

$ns duplex-link $n0 $n1 1Mb 10ms DropTail  ;# Legitimate link

$ns duplex-link $n2 $n1 1Mb 10ms DropTail  ;# Attacker link to the target

# Define TCP agents for legitimate communication between n0 and n1

set tcp0 [new Agent/TCP]

set sink0 [new Agent/TCPSink]

$ns attach-agent $n0 $tcp0

$ns attach-agent $n1 $sink0

$ns connect $tcp0 $sink0

# Create an FTP traffic source to simulate normal communication

set ftp0 [new Application/FTP]

$ftp0 attach-agent $tcp0

$ns at 1.0 “$ftp0 start”

# Malicious node behavior: Simulate teardrop attack by sending small, overlapping packets

proc teardrop_attack {attacker target} {

global ns

set udp [new Agent/UDP]

$ns attach-agent $attacker $udp

set cbr [new Application/Traffic/CBR]

$cbr attach-agent $udp

$cbr set packetSize_ 64   ;# Simulate fragmented packet

$cbr set interval_ 0.002  ;# High rate for overlapping fragments

# Send additional smaller packets to simulate overlap

set cbr_overlap [new Application/Traffic/CBR]

$cbr_overlap attach-agent $udp

$cbr_overlap set packetSize_ 32   ;# Smaller overlapping packet

$cbr_overlap set interval_ 0.001  ;# Faster interval to overlap

$ns at 2.0 “$cbr start”

$ns at 2.1 “$cbr_overlap start”

puts “Teardrop attack: Malicious node is sending overlapping fragmented packets.”

}

# Start the teardrop attack at the malicious node

$ns at 2.0 “teardrop_attack $n2 $n1”

# End the simulation after 10 seconds

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Explanation of the Script:

  1. Nodes:
    • n0: Legitimate sender node.
    • n1: Legitimate receiver node (the target of the attack).
    • n2: Malicious attacker node, simulating the Teardrop attack.
  2. Legitimate Traffic:
    • A TCP connection is introduced among n0 (sender) and n1 (receiver), and FTP is used to generate legitimate traffic among them.
  3. Teardrop Attack Simulation:
    • The malicious node (n2) sends small packets (64 bytes) to mimic fragmented packets. These packets are sent at a high rate with a small interval (0.002 seconds).
    • Furthermore, smaller overlapping packets (32 bytes) are sent with an even shorter interval (0.001 seconds) to mimic overlapping fragments, implementing the Teardrop attack behaviour.
  4. Traffic Analysis:
    • The trace file (out.tr) will capture both the legitimate and malicious traffic that enables them to monitor on how the overlapping fragmented packets impacts the target node (n1).

Post-Simulation Analysis:

  1. Trace File Analysis:
    • Open the trace file (out.tr) and investigate the packets received by the target node (n1). Look for signs of disturbance in legitimate communication because of the overlapping fragmented packets from the attacker.
    • Evaluate the effects of the fragmented packets, like packet loss or latency leads by the attack.
  2. NAM (Network Animator) Visualization:
    • Use NAM to visualize the attack and monitor on how the malicious node sends fragmented packets that overlap in time. we can see how the target node manages the fragmented traffic.
  3. Performance Metrics:
    • Evaluate the impact of the attack on the network parameters like throughput, latency, and packet loss for legitimate traffic.

Example of Teardrop Attack Simulation in NAM:

In NAM, we should observe the following:

  • Legitimate Traffic: Normal packet flow among the legitimate sender and receiver.
  • Fragmented Traffic: Small packets sent by the malicious node (n2) that looks to overlap and disturb the communication.

Enhancing the Simulation:

  1. Multiple Attackers:
    • Establish multiple attacker nodes to mimic a more distributed attack that sends fragmented packets from diverse sources, further congesting the target node.
  2. Varying Packet Sizes and Intervals:
    • Validate with diverse packet sizes and intervals for the fragmented packets to mimic changing intensities of the Teardrop attack.
  3. Legitimate Fragmentation:
    • To mimic legitimate fragmentation in addition to the malicious fragmented packets to learn how the network manages both legitimate and malicious fragmented traffic.
  4. UDP vs TCP Fragmentation:
    • The script currently uses UDP for the attack; however we could mimic the behaviour using TCP as well, liable on the nature of the target and the type of traffic we wish to mimicked.

In the end of the simulation, we had utterly deliver the comprehensive details about how to setup and how to execute the teardrop attack in ns2 simulator. More information will be shared about how the teardrop attack will perform in other simulation tool.

Our expertise excels in the implementation of Teardrop Attack within NS2 is at your service, guiding you through every step. For tailored concepts and innovative topics, feel free to visit ns2project.com. Experience unparalleled simulation support with us.