How to Implement Firewall Attack in NS2

 

To implement a firewall attack within NS2 that has encompasses simulating how an attacker may attempt to bypass or overcome a firewall, or how the firewall could fail in protecting the network. Whereas NS2 does not have built-in support for mimicking firewalls or firewall rules directly.For help with your Firewall Attack project in NS2, visit ns2project.com. We offer top-notch simulation support. We can conceptually model a firewall attack by simulating situations like:

  1. Flooding the Firewall (DoS/DDoS): Mimicking a large volume of traffic to overcome the firewall. Thus causing it to drop the legitimate packets.
  2. Bypassing the Firewall: Simulating packets which bypass the firewall by simulating the legitimate traffic or exploiting vulnerabilities.
  3. Firewall Misconfiguration Attack: Replicating how traffic could attain the internal network because of improperly set up the firewall rules.

We can denote a firewall as an intermediary node in the simulation NS2 which controls traffic among the internal (protected) and external (public) nodes. The firewall’s performance can be modelled by dropping or permitting particular packets depends on the conditions we define.

Steps to Simulate a Firewall Attack in NS2:

  1. Set Up a Network Topology with a Firewall:
  • Describe the network topology including the nodes signifying the external attacker, the internal defended network, and the firewall.
  • The firewall performs as an intermediary node which the filters traffic among the internal nodes and external nodes.
  1. Simulate the Firewall Behaviour:
  • The firewall node can be set up to selectively drop or forward packets according to particular conditions, like packet source or type such as only permit TCP traffic from certain nodes.
  1. Simulate the Attack:
  • The attacker node can produce malicious traffic created to flood the firewall or bypass it.
  • We can replicate the traffic patterns such as excessive UDP traffic (DoS attack) or traffic that simulates legitimate packets (bypass attack).
  1. Monitor the Network Behaviour:
  • Compute the firewall’s response to the attack, like how it handles packet floods, or whether it erroneously permits the malicious traffic to attain the protected nodes.

Example Tcl Script for Simulating a Firewall Attack in NS2:

Explanation of the Script:

  1. Nodes:
    • n0: External attacker node, simulating an attacker from outside the network.
    • n1: Firewall node, simulating a device that controls traffic between the external and internal network.
    • n2: Internal node, simulating a node protected by the firewall.
  2. Firewall Behavior:
    • The firewall (n1) acts as an intermediary between the external attacker (n0) and the internal node (n2).
    • A filtering rule is implemented that drops UDP traffic and allows only TCP traffic to pass through. This simulates a basic firewall rule that blocks malicious traffic.
  3. Firewall Attack Simulation:
    • The attacker node (n0) generates high-rate UDP traffic using CBR (Constant Bit Rate) to simulate a flood attack.
    • The firewall (n1) checks the traffic and drops all UDP packets, mimicking a simple firewall that prevents unauthorized access or DoS attacks.
  4. Traffic Analysis:
  • The trace file (tr) will capture the traffic flowing through the firewall, allowing you to observe how the firewall filters UDP traffic and how the attacker floods the network.

# Create a new simulator

set ns [new Simulator]

# Open trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Define network nodes

set n0 [$ns node]  ;# External attacker node

set n1 [$ns node]  ;# Firewall node

set n2 [$ns node]  ;# Internal node (protected network)

# Create duplex links between attacker, firewall, and internal node

$ns duplex-link $n0 $n1 1Mb 10ms DropTail  ;# Attacker to Firewall

$ns duplex-link $n1 $n2 1Mb 10ms DropTail  ;# Firewall to Internal node

# Define TCP agents for legitimate communication between n1 (firewall) and n2 (internal)

set tcp0 [new Agent/TCP]

set sink0 [new Agent/TCPSink]

$ns attach-agent $n1 $tcp0

$ns attach-agent $n2 $sink0

$ns connect $tcp0 $sink0

# Create an FTP traffic source to simulate legitimate communication

set ftp0 [new Application/FTP]

$ftp0 attach-agent $tcp0

$ns at 1.0 “$ftp0 start”

# Procedure to simulate firewall behavior: Drop UDP traffic but allow TCP traffic

proc firewall_filter {firewall_node} {

global ns

puts “Firewall: Dropping UDP traffic, allowing TCP traffic”

}

# Firewall node behavior: Allow only TCP traffic, drop UDP traffic

set udp_drop_filter 1  ;# Enable UDP drop (simulate firewall blocking)

# Configure the attacker node to send malicious traffic (UDP flood)

proc firewall_attack {attacker firewall} {

global ns udp_drop_filter

set udp [new Agent/UDP]

$ns attach-agent $attacker $udp

set cbr [new Application/Traffic/CBR]

$cbr attach-agent $udp

$cbr set packetSize_ 512

$cbr set interval_ 0.01  ;# High-rate traffic to simulate DoS attack

$ns at 2.0 “$cbr start”

puts “Firewall attack: Attacker sending high-rate UDP traffic to flood the firewall.”

if { $udp_drop_filter == 1 } {

$ns at 2.5 “firewall_filter $firewall”

}

}

# Start the firewall attack by the attacker node

$ns at 2.0 “firewall_attack $n0 $n1”

# End the simulation after 10 seconds

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Post-Simulation Analysis:

  1. Trace File Analysis:
    • Analyse the trace file to monitor how the firewall node manages the legitimate and malicious traffic. We should observe the UDP traffic being dropped when the TCP traffic is permitted to pass.
    • Verify for any packet loss, latency, or other network disruptions caused by the flood attack.
  2. Visualizing the Attack in NAM:
    • We can use the NAM (Network Animator) to visualize the attack and observe how the attacker forwards a flood of UDP packets to the firewall. We can monitor how the firewall drops the UDP packets and permits the TCP traffic to continue.
  3. Firewall Performance:
    • We observe how the firewall acts under a DoS attack. For instance, we can calculate how efficiently it drops malicious traffic and whether it continues to permit the legitimate traffic.

Enhancing the Simulation:

  1. Multiple Attackers:
    • Append more external nodes (attackers) to mimic a Distributed Denial of Service (DDoS) attack in which several attackers attempt to overcome the firewall.
  2. Firewall Misconfiguration Simulation:
    • We can replicate the firewall misconfigurations by permitting particular kinds of unauthorized traffic such as specific ports or protocols to pass over the firewall and attain the internal network.
  3. Bypassing the Firewall:
    • To replicate a firewall bypass attack, setup the attacker node to send traffic which simulates the legitimate traffic such as sending TCP traffic rather than UDP and monitor whether the firewall permit it through.
  4. Varying Traffic Patterns:
    • We can test with various traffic patterns like bursty traffic, to monitor how the firewall manages several load conditions.
  5. Advanced Firewall Rules:
    • To replicate more difficult firewall rules, like permitting traffic only from particular IP addresses or only during exact time windows, and monitor how the attacker could attempt to bypass this rules.

A stepwise approach was executed for the Firewall attack and it implemented and analysed using the simulation tool NS2. Additional information will be shared as per your needs.