How to Implement Network Probe Attack in NS2

To implement the network probe attack is a reconnaissance method in which an attacker forwards the probe packets to scan a network to find the active hosts, open ports, and services. This kind of attack is generally used to collect their data regarding the network before introducing more targeted attacks. In the network simulator 2 we can mimic a network probe attack by having a malicious node that forward the probe packets such as ICMP Echo Requests, TCP SYNs, or UDP packets to several nodes in the network and to monitor their responses. Receive top-notch project guidance from our team. We specialize in probe packets like ICMP Echo Requests, TCP SYNs, and UDP packets, providing customized support for your specific projects.

Steps to Implement a Network Probe Attack in NS2:

  1. Create the network topology: Configure nodes with normal hosts and an attacker that will execute the probe attack.
  2. Simulate legitimate traffic: Set up the normal communication among the legitimate nodes.
  3. Simulate probe packets: Configure the attacker node to send the probe packets to numerous target nodes in the network.
  4. Capture and analyse responses: Find the simulation to record that the nodes responded to the probe requests, mimicking a network scan.

Example TCL Script for Simulating a Network Probe Attack in NS2

In this instance, the attacker node (n0) sends the probe packets to several target nodes like n1, n2, n3 to identify the active hosts in the network.

TCL Script for NS2 (Network Probe Simulation)

# Create a new simulator instance

set ns [new Simulator]

# Open trace and nam files

set tracefile [open “network_probe_trace.tr” w]

$ns trace-all $tracefile

set namfile [open “network_probe.nam” w]

$ns namtrace-all-wireless $namfile

# Define the attacker and target nodes

set attacker [$ns node]  ;# Attacker node performing the probe attack

set target1 [$ns node]   ;# Target node 1

set target2 [$ns node]   ;# Target node 2

set target3 [$ns node]   ;# Target node 3

# Create UDP agents to simulate probe packets

set udp_attacker [new Agent/UDP]

set null_target1 [new Agent/Null]

set null_target2 [new Agent/Null]

set null_target3 [new Agent/Null]

# Attach agents to nodes

$ns attach-agent $attacker $udp_attacker

$ns attach-agent $target1 $null_target1

$ns attach-agent $target2 $null_target2

$ns attach-agent $target3 $null_target3

# Function to simulate a probe request (like ICMP Echo Request)

proc send_probe_request { attacker target } {

global ns

# Create a CBR application to simulate a probe request

set cbr_probe [new Application/Traffic/CBR]

$cbr_probe set packetSize_ 64  ;# Small packet size (like ICMP request)

$cbr_probe set rate_ 1Kb       ;# Low rate for probe requests

$cbr_probe attach-agent $attacker

# Connect the attacker to the target

$ns connect $attacker $target

# Send the probe request and log the response

$ns at 1.0 “$cbr_probe start”

$ns at 2.0 “$cbr_probe stop”

$ns at 2.1 “log_probe_response $target”

}

# Function to log responses from the target nodes (simulating a response to a probe)

proc log_probe_response { target } {

global ns

# Log a response if the target is active (i.e., it responds to the probe)

puts “Probe response received from target $target”

}

# Send probe requests to all target nodes (network probe attack)

$ns at 1.0 “send_probe_request $udp_attacker $null_target1”

$ns at 1.5 “send_probe_request $udp_attacker $null_target2”

$ns at 2.0 “send_probe_request $udp_attacker $null_target3”

# Define finish procedure

proc finish {} {

global ns tracefile namfile

$ns flush-trace

close $tracefile

close $namfile

exec nam network_probe.nam &

exit 0

}

# End the simulation at 3.0 seconds

$ns at 3.0 “finish”

# Run the simulation

$ns run

Explanation of the Script:

  1. Network Setup:
    • The attacker node sends the probe requests to three target nodes that is target1, target2, target3.
    • UDP agents are used to mimic the probe packets and a CBR (Constant Bit Rate) traffic generator is used to replicate the sending of small probe packets same to ICMP Echo Requests or TCP SYNs.
  2. Probe Request Simulation:
    • The send_probe_request function mimics from the attacker node to a target node are sending of a probe packet. The log_probe_response function records whether a target node reacts to the probe, mimicking a network scan in which the attacker tests for active hosts.
  3. Trace Files and Visualization:
    • The trace file (network_probe_trace.tr) records the probe requests and the responses.
    • The NAM file (network_probe.nam) that permits to visualize the network probe attack using the NAM network animator.
  1. Customizing the Network Probe Attack
  2. a) Using Different Packet Types (TCP SYN, UDP):

We can change the script to use TCP SYN packets rather than UDP to replicate more realistic network scans like a TCP SYN scan to identify open ports.

Substitute the UDP agent with a TCP agent:

set tcp_attacker [new Agent/TCP]

set tcp_sink [new Agent/TCPSink]

$ns attach-agent $attacker $tcp_attacker

$ns attach-agent $target $tcp_sink

$ns connect $tcp_attacker $tcp_sink

  1. b) Increasing the Number of Targets:

We can append additional target nodes to mimic a larger network being probed by the attacker. We can describe more nodes and append more calls to send_probe_request.

set target4 [$ns node]

$ns at 2.5 “send_probe_request $udp_attacker $null_target4”

  1. c) Logging Only Active Hosts:

We can change the log_probe_response function to log simply active hosts (nodes that respond to the probe). For instance, we can replicate the scenarios in which some hosts are offline or secure by firewalls.

proc log_probe_response { target is_active } {

if { $is_active == 1 } {

puts “Active host detected: $target responded to the probe”

} else {

puts “No response from $target (host down or protected)”

}

}

  1. d) Simulating Stealthy Scanning:

To replicate a stealthy network scan then we can decrease the rate of the probe packets and spread them across a longer period and creating the scan harder to identify by network security systems.

$cbr_probe set rate_ 500b   ;# Very low rate for stealth scanning

$ns at 10.0 “send_probe_request $udp_attacker $null_target1”  ;# Delay the probes

  1. Analysing the Network Probe Attack

We can evaluate the trace file, fter running the simulation that to determine which the nodes are responded to the probe requests and mimicking the outcomes of a network scan. Given below are a few analysis techniques:

  • Identifying active hosts: By verifying that the nodes are responded to the probe requests, we can ascertain which hosts are active in the network.
  • Packet capture: We can inspect the trace file (network_probe_trace.tr) to estimate the packets sent during the probe attack.
  • Network visualization: We can use the NAM file (network_probe.nam) to visualize the probe requests and reactions in the NAM network animator.
  1. Advanced Features (Optional)
  2. a) Simulating Firewall Protection:

We can simulate firewall protection on some target nodes by set up them not to respond to probe requests.

proc log_probe_response { target is_firewall_enabled } {

if { $is_firewall_enabled == 1 } {

puts “Firewall enabled on $target, no response sent”

} else {

puts “Probe response received from $target”

}

}

  1. b) Simulating Network Congestion:

We can simulate how a network probe may impact the network performance by launching more background traffic that might cause congestion in the probe.

set udp_background [new Agent/UDP]

set cbr_background [new Application/Traffic/CBR]

$cbr_background set packetSize_ 512

$cbr_background set rate_ 512Kb  ;# High background traffic rate

$cbr_background attach-agent $udp_background

$ns at 1.0 “$cbr_background start”

$ns at 5.0 “$cbr_background stop”

  1. c) Logging the Response Time (RTT):

We can compute the Round-Trip Time (RTT) for every probe request to establish how long it takes for every node to respond.

proc measure_rtt { start_time end_time } {

set rtt [expr $end_time – $start_time]

puts “Round-trip time (RTT): $rtt seconds”

}

Overall, the above step-by-step procedure was applied to the Network Probe Attack with the execution and analysis performed via the simulation tool ns2. If you need further details on this topic, we will be presented.