How to Implement ICMP Attack in NS2

To study Internet Control Message Protocol (ICMP) attacks in Network Simulator 2 (ns2), we can simulate different variants that exploit ICMP, such as flood attacks (Ping Flood or Smurf attacks), in which a malicious node sends a high volume of ICMP Echo Request packets to congest a target.

Because ns2 does not directly support ICMP, we can replicate ICMP behaviour using UDP agents with small packet sizes and low packet rates, imitating ICMP Echo Request and Reply traffic. The malicious nodes then send a high rate of UDP packets to overwhelm the target, which behaves like an ICMP flood attack. The steps to accomplish this in ns2 are as follows:

Steps to Implement an ICMP Attack in NS2:
  1. Create the network topology: Configure the nodes, both normal hosts and an attacker that will carry out the ICMP flood attack.
  2. Simulate normal traffic: Set up normal communication between legitimate nodes.
  3. Simulate the ICMP attack: Configure the attacker node to send a flood of ICMP-like packets (using UDP) to the target.
  4. Capture and analyze the impact: Trace the simulation to monitor the impact of the attack.

Example TCL Script for Simulating an ICMP Flood Attack in NS2

This example defines one attacker node (n0) that sends ICMP-like packets (simulated using UDP) to a victim node (n1) to replicate an ICMP flood attack.

TCL Script for NS2 (ICMP Flood Attack Simulation)

# Create a new simulator instance

set ns [new Simulator]

# Open trace and nam files

set tracefile [open "icmp_flood_trace.tr" w]

$ns trace-all $tracefile

set namfile [open "icmp_flood.nam" w]

# Wired topology, so use namtrace-all (namtrace-all-wireless is for wireless scenarios)

$ns namtrace-all $namfile

# Define network nodes

set attacker [$ns node]  ;# Attacker node sending ICMP-like packets

set victim [$ns node]    ;# Victim node receiving the ICMP flood

# Link the nodes; without a link no packets can flow
# (bandwidth, delay and queue type are example values)

$ns duplex-link $attacker $victim 1Mb 10ms DropTail

# Create UDP agents to simulate ICMP traffic

set udp_attacker [new Agent/UDP]

set null_victim [new Agent/Null]

# Attach agents to nodes

$ns attach-agent $attacker $udp_attacker

$ns attach-agent $victim $null_victim

$ns connect $udp_attacker $null_victim

# Procedure to simulate an ICMP flood attack
# src_agent: the sender's UDP agent; dst_agent: the sink it is already connected to

proc icmp_flood_attack { src_agent dst_agent } {

    global ns

    # Create a CBR application to simulate ICMP Echo Request flood

    set cbr_flood [new Application/Traffic/CBR]

    $cbr_flood set packetSize_ 64   ;# Small packet size to simulate ICMP packet (64 bytes)

    $cbr_flood set rate_ 10Mb       ;# High traffic rate to overwhelm the victim

    $cbr_flood attach-agent $src_agent

    # Start sending ICMP-like flood traffic

    $ns at 1.0 "$cbr_flood start"

    $ns at 5.0 "$cbr_flood stop"

}

# Schedule the ICMP flood attack

$ns at 1.0 "icmp_flood_attack $udp_attacker $null_victim"

# Define finish procedure

proc finish {} {

    global ns tracefile namfile

    $ns flush-trace

    close $tracefile

    close $namfile

    exec nam icmp_flood.nam &

    exit 0

}

# End the simulation at 6.0 seconds

$ns at 6.0 "finish"

# Run the simulation

$ns run

Explanation of the Script:

  1. Network Setup:
    • Node attacker is the malicious node that sends ICMP-like packets to congest the victim node (victim).
    • UDP agents are used to simulate ICMP traffic because NS2 does not natively support ICMP. The packets are kept small (64 bytes) to simulate the size of common ICMP Echo Requests.
    • A CBR (Constant Bit Rate) application generates the flood of packets that simulates the ICMP flood attack.
  2. ICMP Flood Simulation:
    • The icmp_flood_attack function replicates the ICMP flood attack by having the attacker send a high rate (10 Mbps) of small packets to the victim node, overwhelming its resources.
    • The attack starts at time 1.0 seconds and finishes at time 5.0 seconds, during which the victim is flooded with packets.
  3. Trace Files and Visualization:
    • The trace file (icmp_flood_trace.tr) logs the traffic events during the attack, which can be analyzed for the impact of the ICMP flood.
    • Use the NAM file (icmp_flood.nam) to visualize the attack and its impact in the NAM network animator.
Customizing the ICMP Attack

a) Increasing the Number of Victims:

You can add more victim nodes to mimic a distributed attack, where the attacker floods several victims at the same time.

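set victim2 [$ns node]

$ns duplex-link $attacker $victim2 1Mb 10ms DropTail   ;# example link values

set null_victim2 [new Agent/Null]

$ns attach-agent $victim2 $null_victim2

set udp_attacker_b [new Agent/UDP]   ;# a UDP agent has one destination, so use a second agent

$ns attach-agent $attacker $udp_attacker_b

$ns connect $udp_attacker_b $null_victim2

$ns at 1.0 "icmp_flood_attack $udp_attacker_b $null_victim2"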

b) Varying the Traffic Rate:

You can change the traffic rate to simulate various attack intensities. For instance, a lower rate can be used to simulate a low-bandwidth ICMP attack, while a higher rate simulates a more aggressive attack.

$cbr_flood set rate_ 20Mb  ;# Increase the flood rate for a more aggressive attack

c) Simulating Legitimate Traffic:

You can simulate legitimate traffic between nodes during the attack to monitor the effect of the ICMP flood on normal communication.

# Create normal UDP traffic between two other nodes

set n2 [$ns node]

set n3 [$ns node]

# Link the new nodes so the legitimate flow crosses the flooded attacker-victim link
# (this placement and the link values are example choices)

$ns duplex-link $n2 $attacker 1Mb 10ms DropTail

$ns duplex-link $victim $n3 1Mb 10ms DropTail

set udp_legit [new Agent/UDP]

set null_legit [new Agent/Null]

$ns attach-agent $n2 $udp_legit

$ns attach-agent $n3 $null_legit

$ns connect $udp_legit $null_legit

# Legitimate traffic

set cbr_legit [new Application/Traffic/CBR]

$cbr_legit set packetSize_ 512

$cbr_legit set rate_ 128Kb

$cbr_legit attach-agent $udp_legit

# Start legitimate traffic

$ns at 1.0 "$cbr_legit start"

$ns at 5.0 "$cbr_legit stop"

d) Measuring Packet Loss:

You can include logic to compute how much legitimate traffic is lost because of the ICMP flood attack. This can be accomplished by tracking the count of packets received by the legitimate nodes.

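# The sink passed in must be an Agent/LossMonitor (Agent/Null keeps no counters),
# e.g. create it with: set null_victim [new Agent/LossMonitor]

proc log_packet_loss { sink } {

    set pkts_received [$sink set npkts_]

    set pkts_lost [$sink set nlost_]

    puts "Packets received by $sink: $pkts_received (lost: $pkts_lost)"

}

$ns at 5.5 "log_packet_loss $null_victim"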

Analyzing the ICMP Attack

After running the simulation, you can analyze the trace file to assess the impact of the ICMP flood attack:

  • Packet loss: Compute how many packets were dropped by the victim because of the overwhelming traffic load.
  • Throughput: Estimate how much legitimate traffic was affected by the flood.
  • Network congestion: Assess the network congestion from the attack by examining the trace file (icmp_flood_trace.tr).
  • Visualization: Visualize the attack in the NAM network animator and monitor the flood of packets by using the NAM file (icmp_flood.nam).
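
The packet-loss and throughput figures described under "Measuring Packet Loss" and in the list above can be computed offline from the trace file. The following is an added example, not part of the original tutorial; it assumes the standard ns2 wired trace format with flat node.port addresses, and the sample trace lines (including a shared router, node 3) are constructed.

```python
from collections import defaultdict

# Constructed, trimmed sample in the ns2 wired trace format:
# event time from to type size flags fid src.port dst.port seq pkt_id
# Node 0 = flood source, node 2 = legitimate sender, node 3 = shared router, node 1 = victim.
SAMPLE_TRACE = """\
+ 1.0000 0 3 cbr 64 ------- 0 0.0 1.0 0 0
+ 1.0000 2 3 cbr 512 ------- 0 2.0 1.1 0 1
+ 1.0001 0 3 cbr 64 ------- 0 0.0 1.0 1 2
+ 1.0002 0 3 cbr 64 ------- 0 0.0 1.0 2 3
r 1.0105 3 1 cbr 64 ------- 0 0.0 1.0 0 0
d 1.0106 3 1 cbr 64 ------- 0 0.0 1.0 1 2
r 1.0150 3 1 cbr 512 ------- 0 2.0 1.1 0 1
+ 1.0320 2 3 cbr 512 ------- 0 2.0 1.1 1 4
d 1.0330 3 1 cbr 512 ------- 0 2.0 1.1 1 4
r 1.0340 3 1 cbr 64 ------- 0 0.0 1.0 2 3
"""


def flow_stats(trace_text, window_s):
    """Return per-flow counters keyed by (src_node, dst_node)."""
    flows = defaultdict(lambda: {"sent": 0, "recv": 0, "dropped": 0, "bytes": 0})
    for line in trace_text.splitlines():
        f = line.split()
        if len(f) < 12 or f[0] not in {"+", "r", "d"}:
            continue  # ignore dequeue ('-') events and malformed lines
        event, from_node, to_node, size = f[0], f[2], f[3], int(f[5])
        src, dst = f[8].split(".")[0], f[9].split(".")[0]
        s = flows[(src, dst)]
        if event == "+" and from_node == src:
            s["sent"] += 1            # enqueued at the source node: packet sent
        elif event == "r" and to_node == dst:
            s["recv"] += 1            # delivered to the destination node
            s["bytes"] += size
        elif event == "d":
            s["dropped"] += 1         # dropped at any queue along the path
    for s in flows.values():
        s["loss"] = s["dropped"] / s["sent"] if s["sent"] else 0.0
        s["throughput_bps"] = s["bytes"] * 8 / window_s
    return dict(flows)


if __name__ == "__main__":
    # 4.0 s is the 1.0-5.0 s traffic window used by the script above
    for flow, s in sorted(flow_stats(SAMPLE_TRACE, 4.0).items()):
        print(flow, s)
```

To run it on a real simulation, pass the contents of icmp_flood_trace.tr instead of the sample and compare the legitimate flow's loss and throughput with and without the flood enabled.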
Advanced Features (Optional)

a) Simulating Smurf Attack:

A Smurf attack involves broadcasting ICMP Echo Requests to a network's broadcast address, which causes all hosts on the network to respond, flooding the victim with replies.

You can simulate this by delivering packets to several nodes in the network (simulating a broadcast).

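# Approximate the broadcast by sending the same flood to every host
# (victim1..victim3 are nodes that must already be created and linked to the attacker)

foreach host [list $victim1 $victim2 $victim3] {

    set udp_b [new Agent/UDP]        ;# one sending agent per destination

    set null_b [new Agent/Null]

    $ns attach-agent $attacker $udp_b

    $ns attach-agent $host $null_b

    $ns connect $udp_b $null_b

    $ns at 1.0 "icmp_flood_attack $udp_b $null_b"

}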

b) Logging Response Times:

You can compute the response times (if the victim responds with ICMP Echo Replies) to evaluate the effect on the network’s performance during the attack.

c) Distributed Attack Simulation:

Launch multiple attackers flooding the same victim to simulate a DDoS attack.

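set attacker2 [$ns node]

$ns duplex-link $attacker2 $victim 1Mb 10ms DropTail   ;# example link values

set udp_attacker2 [new Agent/UDP]

$ns attach-agent $attacker2 $udp_attacker2

$ns connect $udp_attacker2 $null_victim

$ns at 1.0 "icmp_flood_attack $udp_attacker2 $null_victim"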

This demonstration has covered the general steps to build a simulated network that implements an ICMP (Internet Control Message Protocol) attack in the ns2 environment, and how to add advanced features to the simulation. If you have any queries about this approach, we will guide you.
