DDoS Attack
118 views
Skip to first unread message
faisal Lone
May 7, 2023, 12:31:26 AM5/7/23
to ns-3-users
Hello all,
I have to implement a DDoS attack in vehicular networks and there is a code on Git for DDoS for a legacy network. I am sharing the code,
1. I need your inputs regarding whether the logic is ok. I have executed the code and it seems to work with a high packet drop ratio.
2. Will i need to set the queue size on the sender and receiver nodes to overwhelm them with the number of packets sent? And what is the default queue size of the nodes in NS-3.
Thanks and Regards
faisal
faisal Lone
May 7, 2023, 12:48:50 AM5/7/23
to ns-3-users
Sorry, forgot to share the code
#include <ns3/csma-helper.h>
#include "ns3/mobility-module.h"
#include "ns3/nstime.h"
#include "ns3/core-module.h"
#include "ns3/network-module.h"
#include "ns3/internet-module.h"
#include "ns3/point-to-point-module.h"
#include "ns3/applications-module.h"
#include "ns3/ipv4-global-routing-helper.h"
#include "ns3/netanim-module.h"
#define TCP_SINK_PORT 9000
#define UDP_SINK_PORT 9001
//experimental parameters
#define MAX_BULK_BYTES 100000
#define DDOS_RATE "20480kb/s"
#define MAX_SIMULATION_TIME 10.0
//Number of Bots for DDoS
#define NUMBER_OF_BOTS 10
using namespace ns3;
NS_LOG_COMPONENT_DEFINE("DDoSAttack");
int main(int argc, char *argv[])
{
CommandLine cmd;
cmd.Parse(argc, argv);
Time::SetResolution(Time::NS);
LogComponentEnable("UdpEchoClientApplication", LOG_LEVEL_INFO);
LogComponentEnable("UdpEchoServerApplication", LOG_LEVEL_INFO);
//Legitimate connection bots
NodeContainer nodes;
nodes.Create(3);
//Nodes for attack bots
NodeContainer botNodes;
botNodes.Create(NUMBER_OF_BOTS);
// Define the Point-To-Point Links and their Paramters
PointToPointHelper pp1, pp2;
pp1.SetDeviceAttribute("DataRate", StringValue("100Mbps"));
pp1.SetChannelAttribute("Delay", StringValue("1ms"));
pp2.SetDeviceAttribute("DataRate", StringValue("100Mbps"));
pp2.SetChannelAttribute("Delay", StringValue("1ms"));
// Install the Point-To-Point Connections between Nodes
NetDeviceContainer d02, d12, botDeviceContainer[NUMBER_OF_BOTS];
d02 = pp1.Install(nodes.Get(0), nodes.Get(1));
d12 = pp1.Install(nodes.Get(1), nodes.Get(2));
for (int i = 0; i < NUMBER_OF_BOTS; ++i)
{
botDeviceContainer[i] = pp2.Install(botNodes.Get(i), nodes.Get(1));
}
//Assign IP to bots
InternetStackHelper stack;
stack.Install(nodes);
stack.Install(botNodes);
Ipv4AddressHelper ipv4_n;
ipv4_n.SetBase("10.0.0.0", "255.255.255.252");
Ipv4AddressHelper a02, a12, a23, a34;
a02.SetBase("10.1.1.0", "255.255.255.0");
a12.SetBase("10.1.2.0", "255.255.255.0");
for (int j = 0; j < NUMBER_OF_BOTS; ++j)
{
ipv4_n.Assign(botDeviceContainer[j]);
ipv4_n.NewNetwork();
}
//Assign IP to legitimate nodes
Ipv4InterfaceContainer i02, i12;
i02 = a02.Assign(d02);
i12 = a12.Assign(d12);
// DDoS Application Behaviour
OnOffHelper onoff("ns3::UdpSocketFactory", Address(InetSocketAddress(i12.GetAddress(1), UDP_SINK_PORT)));
onoff.SetConstantRate(DataRate(DDOS_RATE));
onoff.SetAttribute("OnTime", StringValue("ns3::ConstantRandomVariable[Constant=30]"));
onoff.SetAttribute("OffTime", StringValue("ns3::ConstantRandomVariable[Constant=0]"));
ApplicationContainer onOffApp[NUMBER_OF_BOTS];
//Install application in all bots
for (int k = 0; k < NUMBER_OF_BOTS; ++k)
{
onOffApp[k] = onoff.Install(botNodes.Get(k));
onOffApp[k].Start(Seconds(0.0));
onOffApp[k].Stop(Seconds(MAX_SIMULATION_TIME));
}
// Sender Application (Packets generated by this application are throttled)
BulkSendHelper bulkSend("ns3::TcpSocketFactory", InetSocketAddress(i12.GetAddress(1), TCP_SINK_PORT));
bulkSend.SetAttribute("MaxBytes", UintegerValue(MAX_BULK_BYTES));
ApplicationContainer bulkSendApp = bulkSend.Install(nodes.Get(0));
bulkSendApp.Start(Seconds(0.0));
bulkSendApp.Stop(Seconds(MAX_SIMULATION_TIME - 10));
// UDPSink on receiver side
PacketSinkHelper UDPsink("ns3::UdpSocketFactory",
Address(InetSocketAddress(Ipv4Address::GetAny(), UDP_SINK_PORT)));
ApplicationContainer UDPSinkApp = UDPsink.Install(nodes.Get(2));
UDPSinkApp.Start(Seconds(0.0));
UDPSinkApp.Stop(Seconds(MAX_SIMULATION_TIME));
// TCP Sink Application on server side
PacketSinkHelper TCPsink("ns3::TcpSocketFactory",
InetSocketAddress(Ipv4Address::GetAny(), TCP_SINK_PORT));
ApplicationContainer TCPSinkApp = TCPsink.Install(nodes.Get(2));
TCPSinkApp.Start(Seconds(0.0));
TCPSinkApp.Stop(Seconds(MAX_SIMULATION_TIME));
Ipv4GlobalRoutingHelper::PopulateRoutingTables();
//Simulation NetAnim configuration and node placement
MobilityHelper mobility;
mobility.SetPositionAllocator("ns3::GridPositionAllocator",
"MinX", DoubleValue(0.0), "MinY", DoubleValue(0.0), "DeltaX", DoubleValue(5.0), "DeltaY", DoubleValue(10.0),
"GridWidth", UintegerValue(5), "LayoutType", StringValue("RowFirst"));
mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
mobility.Install(nodes);
mobility.Install(botNodes);
AnimationInterface anim("DDoSim.xml");
ns3::AnimationInterface::SetConstantPosition(nodes.Get(0), 0, 0);
ns3::AnimationInterface::SetConstantPosition(nodes.Get(1), 10, 10);
ns3::AnimationInterface::SetConstantPosition(nodes.Get(2), 20, 10);
uint32_t x_pos = 0;
for (int l = 0; l < NUMBER_OF_BOTS; ++l)
{
ns3::AnimationInterface::SetConstantPosition(botNodes.Get(l), x_pos++, 30);
}
//Run the Simulation
Simulator::Run();
Simulator::Destroy();
return 0;
}
#include "ns3/mobility-module.h"
#include "ns3/nstime.h"
#include "ns3/core-module.h"
#include "ns3/network-module.h"
#include "ns3/internet-module.h"
#include "ns3/point-to-point-module.h"
#include "ns3/applications-module.h"
#include "ns3/ipv4-global-routing-helper.h"
#include "ns3/netanim-module.h"
#define TCP_SINK_PORT 9000
#define UDP_SINK_PORT 9001
//experimental parameters
#define MAX_BULK_BYTES 100000
#define DDOS_RATE "20480kb/s"
#define MAX_SIMULATION_TIME 10.0
//Number of Bots for DDoS
#define NUMBER_OF_BOTS 10
using namespace ns3;
NS_LOG_COMPONENT_DEFINE("DDoSAttack");
int main(int argc, char *argv[])
{
CommandLine cmd;
cmd.Parse(argc, argv);
Time::SetResolution(Time::NS);
LogComponentEnable("UdpEchoClientApplication", LOG_LEVEL_INFO);
LogComponentEnable("UdpEchoServerApplication", LOG_LEVEL_INFO);
//Legitimate connection bots
NodeContainer nodes;
nodes.Create(3);
//Nodes for attack bots
NodeContainer botNodes;
botNodes.Create(NUMBER_OF_BOTS);
// Define the Point-To-Point Links and their Paramters
PointToPointHelper pp1, pp2;
pp1.SetDeviceAttribute("DataRate", StringValue("100Mbps"));
pp1.SetChannelAttribute("Delay", StringValue("1ms"));
pp2.SetDeviceAttribute("DataRate", StringValue("100Mbps"));
pp2.SetChannelAttribute("Delay", StringValue("1ms"));
// Install the Point-To-Point Connections between Nodes
NetDeviceContainer d02, d12, botDeviceContainer[NUMBER_OF_BOTS];
d02 = pp1.Install(nodes.Get(0), nodes.Get(1));
d12 = pp1.Install(nodes.Get(1), nodes.Get(2));
for (int i = 0; i < NUMBER_OF_BOTS; ++i)
{
botDeviceContainer[i] = pp2.Install(botNodes.Get(i), nodes.Get(1));
}
//Assign IP to bots
InternetStackHelper stack;
stack.Install(nodes);
stack.Install(botNodes);
Ipv4AddressHelper ipv4_n;
ipv4_n.SetBase("10.0.0.0", "255.255.255.252");
Ipv4AddressHelper a02, a12, a23, a34;
a02.SetBase("10.1.1.0", "255.255.255.0");
a12.SetBase("10.1.2.0", "255.255.255.0");
for (int j = 0; j < NUMBER_OF_BOTS; ++j)
{
ipv4_n.Assign(botDeviceContainer[j]);
ipv4_n.NewNetwork();
}
//Assign IP to legitimate nodes
Ipv4InterfaceContainer i02, i12;
i02 = a02.Assign(d02);
i12 = a12.Assign(d12);
// DDoS Application Behaviour
OnOffHelper onoff("ns3::UdpSocketFactory", Address(InetSocketAddress(i12.GetAddress(1), UDP_SINK_PORT)));
onoff.SetConstantRate(DataRate(DDOS_RATE));
onoff.SetAttribute("OnTime", StringValue("ns3::ConstantRandomVariable[Constant=30]"));
onoff.SetAttribute("OffTime", StringValue("ns3::ConstantRandomVariable[Constant=0]"));
ApplicationContainer onOffApp[NUMBER_OF_BOTS];
//Install application in all bots
for (int k = 0; k < NUMBER_OF_BOTS; ++k)
{
onOffApp[k] = onoff.Install(botNodes.Get(k));
onOffApp[k].Start(Seconds(0.0));
onOffApp[k].Stop(Seconds(MAX_SIMULATION_TIME));
}
// Sender Application (Packets generated by this application are throttled)
BulkSendHelper bulkSend("ns3::TcpSocketFactory", InetSocketAddress(i12.GetAddress(1), TCP_SINK_PORT));
bulkSend.SetAttribute("MaxBytes", UintegerValue(MAX_BULK_BYTES));
ApplicationContainer bulkSendApp = bulkSend.Install(nodes.Get(0));
bulkSendApp.Start(Seconds(0.0));
bulkSendApp.Stop(Seconds(MAX_SIMULATION_TIME - 10));
// UDPSink on receiver side
PacketSinkHelper UDPsink("ns3::UdpSocketFactory",
Address(InetSocketAddress(Ipv4Address::GetAny(), UDP_SINK_PORT)));
ApplicationContainer UDPSinkApp = UDPsink.Install(nodes.Get(2));
UDPSinkApp.Start(Seconds(0.0));
UDPSinkApp.Stop(Seconds(MAX_SIMULATION_TIME));
// TCP Sink Application on server side
PacketSinkHelper TCPsink("ns3::TcpSocketFactory",
InetSocketAddress(Ipv4Address::GetAny(), TCP_SINK_PORT));
ApplicationContainer TCPSinkApp = TCPsink.Install(nodes.Get(2));
TCPSinkApp.Start(Seconds(0.0));
TCPSinkApp.Stop(Seconds(MAX_SIMULATION_TIME));
Ipv4GlobalRoutingHelper::PopulateRoutingTables();
//Simulation NetAnim configuration and node placement
MobilityHelper mobility;
mobility.SetPositionAllocator("ns3::GridPositionAllocator",
"MinX", DoubleValue(0.0), "MinY", DoubleValue(0.0), "DeltaX", DoubleValue(5.0), "DeltaY", DoubleValue(10.0),
"GridWidth", UintegerValue(5), "LayoutType", StringValue("RowFirst"));
mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
mobility.Install(nodes);
mobility.Install(botNodes);
AnimationInterface anim("DDoSim.xml");
ns3::AnimationInterface::SetConstantPosition(nodes.Get(0), 0, 0);
ns3::AnimationInterface::SetConstantPosition(nodes.Get(1), 10, 10);
ns3::AnimationInterface::SetConstantPosition(nodes.Get(2), 20, 10);
uint32_t x_pos = 0;
for (int l = 0; l < NUMBER_OF_BOTS; ++l)
{
ns3::AnimationInterface::SetConstantPosition(botNodes.Get(l), x_pos++, 30);
}
//Run the Simulation
Simulator::Run();
Simulator::Destroy();
return 0;
}
Tommaso Pecorella
May 7, 2023, 7:49:43 AM5/7/23
to ns-3-users
Short answer:
1) check the code and see for yourself. If you can't understand the code and you simply rely on "it does something", you're going to have a bad day. Or several bad days. Hint: draw the network topology on a piece of paper.
2) You can't, and it had been discussed several times.
Please study the ns-3 models and simulation principles before trying to figure out how do do something. Chances are that the thing you're trying to do is plainly impossible to be done.
faisal Lone
May 7, 2023, 7:56:51 AM5/7/23
to ns-3-...@googlegroups.com
Thanks for the reply. Does it mean implementing DDos isn't possible in ns-3?
--
Posting to this group should follow these guidelines https://www.nsnam.org/wiki/Ns-3-users-guidelines-for-posting
---
You received this message because you are subscribed to the Google Groups "ns-3-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ns-3-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ns-3-users/8017c890-9b73-4c0b-a120-e619063cd471n%40googlegroups.com.
Tommaso Pecorella
May 7, 2023, 5:40:22 PM5/7/23
to ns-3-users
Does it mean implementing DDos isn't possible in ns-3?
No, it means that you'll have to develop your own model to simulate the effect of an excessive number of connections.
As an example, you could model it by monitoring the number of open TCP sockets and block the new connections when a given limit is reached.
My suggestion is to study what happens when a computer is subject to a DoS, and devise a way to implement that effect. This will, most probably, mean that you will need to implement a new TCP socket, or a new "sink" application that does something according to the effect you want to model.
Reply all
Reply to author
Forward
0 new messages