转载 2013年07月07日 23:23:39


Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. The new DOS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad hoc networks, such as AODV, DSR. The intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. The injected packet is fake packet, attacker put his own define value in RREQ packet in order to make this attack for dangerous.

The attacker selects many IP addresses which are not in the networks. No node in the network can answer RREP packets for these RREQ. The attacker successively originates mass RREQ messages for these void IP addresses. The attacker will resend the RREQ packets without waiting for the RREP or round-trip time.  They flood the RREQ messages at particular time interval. Their neighbor nodes don‟t know the route to that destination so rebroadcast RREQ. Attacker constantly injects false RREQ packets into the network. Due to false generation, attacker can introduce a new DOS attack to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. If attacker is out of control it will flood the entire network and degrade the performance of Manet‟s very high extent.

Motivation to prevent flood attack
Flooding RREQ packets in the whole network will consume a lot of resource of network. To reduce congestion in a network, the AODV protocol adopts some methods. A node can not originate more than RREQ_RATELIMIT RREQ messages per second. After broadcasting a RREQ, a node waits for a RREP. If a route is not received within round-trip milliseconds, the node may try again to discover a route by broadcasting another RREQ, up to a maximum of retry times at the maximum TTL value. In the Flooding  attack, the attack node violates the above rules to exhaust the network resource. Firstly, the attacker selects many IP addresses which are not in the networks if he knows the scope of IP address in the networks. Because no node can answer RREP packets for these RREQ, the reverse route in the route table of node will be conserved for longer. The attacker can select random IP addresses if he cannot know scope of IP address.Secondly, the attacker successively originates mass RREQ messages for these void IP addresses. The attacker tries to send excessive RREQ without considering Request rate limit within per second.

I have implemented a code for adding flood attack in Mobile ad-hoc network. For flooding entire network with request packet I have taken one flood timer which continuously send request packet to his neighbor. For adding flood timer code is below, add the ftimer class in the constructor. This change should be done in AODV.cc file

AODV::AODV(nsaddr_t id) : Agent(PT_AODV), btimer(this), htimer(this), ntimer(this),rtimer(this), lrtimer(this),ftimer(this),ctimer(this),rqueue()

//Added by NVT
FloodTimer::handle(Event*) {
if (index == 1 ) {
// node 1 will be a attacker, flood attacker !
Scheduler::instance().schedule(this, &intr, FLOOD_INTERVAL);
now change the AODV.h file , add the flood timer class above broadcast timer class. And also define the flood interval at very begining for aodv.h file, just like below. Here flood timer is 0.09 sec. every 0.09 second attacker will send the request packet to his neighbor.

#define FLOOD_INTERVAL 0.09
class FloodTimer : public Handler {
FloodTimer(AODV* a):    agent(a){}
void     handle(Event*);
AODV     *agent;
Event     intr;
After adding this adding flood timer now add the flood attacker logic. which send the fake request packet into the network. add it to below sendrequest function of AODV.cc
//Added by NVT
AODV::FloodRREQ(nsaddr_t dst){
Packet *p = Packet::alloc();
struct hdr_cmn *ch = HDR_CMN(p);
struct hdr_ip *ih = HDR_IP(p);
struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p);
aodv_rt_entry *rt = rtable.rt_lookup(dst);
printf("\n**********************in 'in FloodRREQ' at node::%d*****************************",index);
// Fill out the RREQ packet
// ch->uid() = 0;
ch->ptype() = PT_AODV;
ch->size() = IP_HDR_LEN + rq->size();
ch->iface() = -2;
ch->error() = 0;
ch->addr_type() = NS_AF_NONE;
ch->prev_hop_ = index;
ih->saddr() = index;
ih->daddr() = IP_BROADCAST;
ih->sport() = RT_PORT;
ih->dport() = RT_PORT;
// Fill up some more fields.
//printf("\n Fill up some more fields in SENDrequest functin\n");
rq->rq_type = AODVTYPE_RREQ;
rq->rq_hop_count = 1;
rq->rq_bcast_id = bid++;
rq->rq_dst = dst;
rq->rq_dst_seqno = num;
rq->rq_src = index;
seqno += 2;
assert ((seqno%2) == 0);
rq->rq_src_seqno = seqno;
rq->rq_timestamp = CURRENT_TIME;
Scheduler::instance().schedule(target_, p, 0.);

基于NS2的Ad Hoc网络AODV路由协议性能评估的仿真

NS2(Network SimulationVersion 2)是一款功能强大的网络模拟仿真,它是用C++和OTCL两种语言完成的。C++语言编写协议执行模块,OTCL语言编写模拟任务。NS2主要针对...
  • yxb3158
  • yxb3158
  • 2014年12月19日 17:46
  • 2125


感谢原作者 http://blog.csdn.net/ise_gaoyue1990/article/details/7610522/ //#include #include #inc...
  • hzw05103020
  • hzw05103020
  • 2016年12月05日 00:28
  • 1263


转载地址:http://narentada.com/code-for-preventing-flood-attack-in-aodv/ step 1:Create two cache table...
  • norbert_jxl
  • norbert_jxl
  • 2013年07月07日 23:33
  • 1272


  • hainengbunengwan
  • hainengbunengwan
  • 2016年03月16日 17:35
  • 1629


  • u010693479
  • u010693479
  • 2014年05月27日 23:31
  • 673


文档来源https://www.nsnam.org/docs/release/3.19/models/html/aodv.html 我自己进行翻译的,当然在百度翻译的帮助下,中英对照,以防翻译看不懂...
  • qq_27607539
  • qq_27607539
  • 2017年11月07日 00:14
  • 218

NS2 学习笔记—— AODV协议

在NS2中,AODV路由协议主要包括以下几个组件: 1、协议实体 2、路由表 3、定时器 (1)广播定时器 (2)周期Hello报文广播定时器 (3)用于邻居管理的定时器 (4)用于路由...
  • zddxmu
  • zddxmu
  • 2015年03月07日 13:03
  • 1718


  • lwb102063
  • lwb102063
  • 2016年02月21日 17:41
  • 1660


AODV路由分析: 经过一段时间对NS2模拟器的研究,今天真正进入到了对路由算法源代码的分析过程,这里我来一步一步的来对AODV路由算法来进行分析,是自己的一段学习历程,也希望对其他正在受NS2折磨...
  • lwb102063
  • lwb102063
  • 2016年09月28日 16:18
  • 1430


(a)AODV路由发现   AODV路由协议是一种典型的按需驱动路由协议,该算法可被称为纯粹的需求路由获取系统,那些不在活跃路径上的节点不会维持任何相关路由信息,也不会参与任何周期路由表的交换。...
  • Cappuccino92
  • Cappuccino92
  • 2015年12月17日 17:40
  • 2094