转载 2013年07月07日 23:23:39


Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. The new DOS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad hoc networks, such as AODV, DSR. The intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. The injected packet is fake packet, attacker put his own define value in RREQ packet in order to make this attack for dangerous.

The attacker selects many IP addresses which are not in the networks. No node in the network can answer RREP packets for these RREQ. The attacker successively originates mass RREQ messages for these void IP addresses. The attacker will resend the RREQ packets without waiting for the RREP or round-trip time.  They flood the RREQ messages at particular time interval. Their neighbor nodes don‟t know the route to that destination so rebroadcast RREQ. Attacker constantly injects false RREQ packets into the network. Due to false generation, attacker can introduce a new DOS attack to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. If attacker is out of control it will flood the entire network and degrade the performance of Manet‟s very high extent.

Motivation to prevent flood attack
Flooding RREQ packets in the whole network will consume a lot of resource of network. To reduce congestion in a network, the AODV protocol adopts some methods. A node can not originate more than RREQ_RATELIMIT RREQ messages per second. After broadcasting a RREQ, a node waits for a RREP. If a route is not received within round-trip milliseconds, the node may try again to discover a route by broadcasting another RREQ, up to a maximum of retry times at the maximum TTL value. In the Flooding  attack, the attack node violates the above rules to exhaust the network resource. Firstly, the attacker selects many IP addresses which are not in the networks if he knows the scope of IP address in the networks. Because no node can answer RREP packets for these RREQ, the reverse route in the route table of node will be conserved for longer. The attacker can select random IP addresses if he cannot know scope of IP address.Secondly, the attacker successively originates mass RREQ messages for these void IP addresses. The attacker tries to send excessive RREQ without considering Request rate limit within per second.

I have implemented a code for adding flood attack in Mobile ad-hoc network. For flooding entire network with request packet I have taken one flood timer which continuously send request packet to his neighbor. For adding flood timer code is below, add the ftimer class in the constructor. This change should be done in AODV.cc file

AODV::AODV(nsaddr_t id) : Agent(PT_AODV), btimer(this), htimer(this), ntimer(this),rtimer(this), lrtimer(this),ftimer(this),ctimer(this),rqueue()

//Added by NVT
FloodTimer::handle(Event*) {
if (index == 1 ) {
// node 1 will be a attacker, flood attacker !
Scheduler::instance().schedule(this, &intr, FLOOD_INTERVAL);
now change the AODV.h file , add the flood timer class above broadcast timer class. And also define the flood interval at very begining for aodv.h file, just like below. Here flood timer is 0.09 sec. every 0.09 second attacker will send the request packet to his neighbor.

#define FLOOD_INTERVAL 0.09
class FloodTimer : public Handler {
FloodTimer(AODV* a):    agent(a){}
void     handle(Event*);
AODV     *agent;
Event     intr;
After adding this adding flood timer now add the flood attacker logic. which send the fake request packet into the network. add it to below sendrequest function of AODV.cc
//Added by NVT
AODV::FloodRREQ(nsaddr_t dst){
Packet *p = Packet::alloc();
struct hdr_cmn *ch = HDR_CMN(p);
struct hdr_ip *ih = HDR_IP(p);
struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p);
aodv_rt_entry *rt = rtable.rt_lookup(dst);
printf("\n**********************in 'in FloodRREQ' at node::%d*****************************",index);
// Fill out the RREQ packet
// ch->uid() = 0;
ch->ptype() = PT_AODV;
ch->size() = IP_HDR_LEN + rq->size();
ch->iface() = -2;
ch->error() = 0;
ch->addr_type() = NS_AF_NONE;
ch->prev_hop_ = index;
ih->saddr() = index;
ih->daddr() = IP_BROADCAST;
ih->sport() = RT_PORT;
ih->dport() = RT_PORT;
// Fill up some more fields.
//printf("\n Fill up some more fields in SENDrequest functin\n");
rq->rq_type = AODVTYPE_RREQ;
rq->rq_hop_count = 1;
rq->rq_bcast_id = bid++;
rq->rq_dst = dst;
rq->rq_dst_seqno = num;
rq->rq_src = index;
seqno += 2;
assert ((seqno%2) == 0);
rq->rq_src_seqno = seqno;
rq->rq_timestamp = CURRENT_TIME;
Scheduler::instance().schedule(target_, p, 0.);


转载地址:http://narentada.com/code-for-preventing-flood-attack-in-aodv/ step 1:Create two cache table...
  • norbert_jxl
  • norbert_jxl
  • 2013年07月07日 23:33
  • 1247

基于NS2的Ad Hoc网络AODV路由协议性能评估的仿真

NS2(Network SimulationVersion 2)是一款功能强大的网络模拟仿真,它是用C++和OTCL两种语言完成的。C++语言编写协议执行模块,OTCL语言编写模拟任务。NS2主要针对...
  • yxb3158
  • yxb3158
  • 2014年12月19日 17:46
  • 1833

在NS2 AODV协议中添加blackhole attacker(黑洞攻击)

      在NS2-3.34中添加黑洞攻击的过程还是比较简单的,具体过程大致如下描述:1. 首先我们在aodv/aodv.h中的AODV类中添加一个标志该Agent(该节点是blackhole的标志...
  • QinLeopard
  • QinLeopard
  • 2011年05月17日 11:03
  • 4386

在NS2 AODV协议中添加blackhole attacker(黑洞攻击) [转载]

原文地址:http://blog.csdn.net/qinleopard/article/details/6426379 --------------------------------------...
  • chutian_8986
  • chutian_8986
  • 2013年06月21日 15:32
  • 1288


  • hainengbunengwan
  • hainengbunengwan
  • 2016年03月16日 17:35
  • 1410


  • 2014年06月05日 11:09
  • 444KB
  • 下载


  • 2011年03月22日 22:41
  • 435KB
  • 下载

如何在NS-2 AODV协议中添加一种新的数据包类型

  • QinLeopard
  • QinLeopard
  • 2011年06月28日 12:28
  • 2601

NS2 学习笔记—— AODV协议

在NS2中,AODV路由协议主要包括以下几个组件: 1、协议实体 2、路由表 3、定时器 (1)广播定时器 (2)周期Hello报文广播定时器 (3)用于邻居管理的定时器 (4)用于路由...
  • leo115
  • leo115
  • 2012年07月30日 08:50
  • 5483


  • Cappuccino92
  • Cappuccino92
  • 2015年12月16日 22:40
  • 420