NS2中基于AODV协议实现的请求洪泛攻击

转载地址:http://narentada.com/what-is-flood-attack-code-for-request-flood-attack-in-aodv-routing-protocol/

Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. The new DOS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad hoc networks, such as AODV, DSR. The intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. The injected packet is fake packet, attacker put his own define value in RREQ packet in order to make this attack for dangerous.

The attacker selects many IP addresses which are not in the networks. No node in the network can answer RREP packets for these RREQ. The attacker successively originates mass RREQ messages for these void IP addresses. The attacker will resend the RREQ packets without waiting for the RREP or round-trip time.  They flood the RREQ messages at particular time interval. Their neighbor nodes don‟t know the route to that destination so rebroadcast RREQ. Attacker constantly injects false RREQ packets into the network. Due to false generation, attacker can introduce a new DOS attack to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. If attacker is out of control it will flood the entire network and degrade the performance of Manet‟s very high extent.

Motivation to prevent flood attack
Flooding RREQ packets in the whole network will consume a lot of resource of network. To reduce congestion in a network, the AODV protocol adopts some methods. A node can not originate more than RREQ_RATELIMIT RREQ messages per second. After broadcasting a RREQ, a node waits for a RREP. If a route is not received within round-trip milliseconds, the node may try again to discover a route by broadcasting another RREQ, up to a maximum of retry times at the maximum TTL value. In the Flooding  attack, the attack node violates the above rules to exhaust the network resource. Firstly, the attacker selects many IP addresses which are not in the networks if he knows the scope of IP address in the networks. Because no node can answer RREP packets for these RREQ, the reverse route in the route table of node will be conserved for longer. The attacker can select random IP addresses if he cannot know scope of IP address.Secondly, the attacker successively originates mass RREQ messages for these void IP addresses. The attacker tries to send excessive RREQ without considering Request rate limit within per second.

I have implemented a code for adding flood attack in Mobile ad-hoc network. For flooding entire network with request packet I have taken one flood timer which continuously send request packet to his neighbor. For adding flood timer code is below, add the ftimer class in the constructor. This change should be done in AODV.cc file

AODV::AODV(nsaddr_t id) : Agent(PT_AODV), btimer(this), htimer(this), ntimer(this),rtimer(this), lrtimer(this),ftimer(this),ctimer(this),rqueue()
增加下列代码在 BroadcastTimer之后:

//Added by NVT
void
FloodTimer::handle(Event*) {
//agent->nimble=true;
if (index == 1 ) {
agent->FloodRREQ(99);
 
// node 1 will be a attacker, flood attacker !
}
 
Scheduler::instance().schedule(this, &intr, FLOOD_INTERVAL);
}
now change the AODV.h file , add the flood timer class above  broadcast timer class . And also define the flood interval at very begining for aodv.h file, just like below. Here flood timer is 0.09 sec. every 0.09 second attacker will send the request packet to his neighbor.

#define FLOOD_INTERVAL 0.09
class FloodTimer : public Handler {
public:
FloodTimer(AODV* a):    agent(a){}
void     handle(Event*);
private:
AODV     *agent;
Event     intr;
};
After adding this adding flood timer now add the flood attacker logic. which send the fake request packet into the network. add it to below sendrequest function of AODV.cc
//Added by NVT
void
AODV::FloodRREQ(nsaddr_t dst){
//printf("");
Packet *p = Packet::alloc();
 
struct hdr_cmn *ch = HDR_CMN(p);
struct hdr_ip *ih = HDR_IP(p);
struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p);
aodv_rt_entry *rt = rtable.rt_lookup(dst);
//printf("\nrt_flags======%d\n",rt->rt_flags);
 
printf("\n**********************in 'in FloodRREQ' at node::%d*****************************",index);
rtable.rt_display(index);
// Fill out the RREQ packet
// ch->uid() = 0;
ch->ptype() = PT_AODV;
ch->size() = IP_HDR_LEN + rq->size();
ch->iface() = -2;
ch->error() = 0;
ch->addr_type() = NS_AF_NONE;
ch->prev_hop_ = index;
 
ih->saddr() = index;
ih->daddr() = IP_BROADCAST;
ih->sport() = RT_PORT;
ih->dport() = RT_PORT;
ih->ttl_ = NETWORK_DIAMETER;
// Fill up some more fields.
//printf("\n Fill up some more fields in SENDrequest functin\n");
 
rq->rq_type = AODVTYPE_RREQ;
rq->rq_hop_count = 1;
rq->rq_bcast_id = bid++;
rq->rq_dst = dst;
rq->rq_dst_seqno = num;
rq->rq_src = index;
seqno += 2;
assert ((seqno%2) == 0);
rq->rq_src_seqno = seqno;
rq->rq_timestamp = CURRENT_TIME;
num=num+2;
Scheduler::instance().schedule(target_, p, 0.);
}





评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值