How to Implement SYN Flood Attack in NS2

 

Simulating a SYN flood attack in NS2 takes several steps. In real networks the attack is commonly carried out with tools such as hping3, so the simulation has to mimic a similar attack mechanism inside the NS2 environment. A SYN flood attack is a kind of Denial-of-Service (DoS) attack in which the attacker sends a large number of TCP SYN packets to the target server, overwhelming it with connection requests and leading to resource exhaustion.

Because NS2 is a network simulator and cannot execute tools such as hping3 directly, we mimic the impact of the SYN flood by having multiple attacker nodes send TCP SYN packets (or start TCP connections) to a victim node, similar to how hping3 would work.

Here is the detailed procedure to implement the SYN flood attack in ns2:

Steps to Simulate a SYN Flood Attack in NS2:

  1. Set Up the Network Topology:
    • Define multiple nodes that represent the attackers and a target server.
    • Use a TCP agent to mimic SYN packets by starting TCP connections from the attacker nodes to the target node.
  2. Simulate TCP SYN Flood Behavior:
    • Set up the attacker nodes to repeatedly send SYN packets by starting many TCP connection requests but never completing the handshake, for example by not sending ACK packets.
    • This mimics the behaviour of a SYN flood attack.
  3. Monitor the Victim Node:
    • Observe the behaviour of the victim node (server) as it becomes overwhelmed by the SYN packets. Evaluate parameters such as packet loss, throughput, or connection drops to assess the impact.

Tcl Script Example for SYN Flood Attack Simulation in NS2:

# Create a new simulator object
set ns [new Simulator]

# Open the output trace file
set tracefile [open out.tr w]
$ns trace-all $tracefile

# Define network nodes (attackers and target)
set attacker1 [$ns node] ;# Attacker 1
set attacker2 [$ns node] ;# Attacker 2
set attacker3 [$ns node] ;# Attacker 3
set server [$ns node] ;# Target server

# Create duplex links between attackers and server
$ns duplex-link $attacker1 $server 1Mb 10ms DropTail
$ns duplex-link $attacker2 $server 1Mb 10ms DropTail
$ns duplex-link $attacker3 $server 1Mb 10ms DropTail

# Set up TCP agents to simulate SYN flood attack
set tcp1 [new Agent/TCP]
set tcp2 [new Agent/TCP]
set tcp3 [new Agent/TCP]
set sink [new Agent/TCPSink]

# Attach TCP agents to attacker nodes and the sink to the server
$ns attach-agent $attacker1 $tcp1
$ns attach-agent $attacker2 $tcp2
$ns attach-agent $attacker3 $tcp3
$ns attach-agent $server $sink

# Connect the TCP agents from attackers to the server
$ns connect $tcp1 $sink
$ns connect $tcp2 $sink
$ns connect $tcp3 $sink

# Procedure that creates the attack traffic for one attacker:
# a CBR source on the attacker's TCP agent, started at start_time
proc syn_flood {attacker tcp interval start_time} {
    global ns
    set cbr [new Application/Traffic/CBR]
    $cbr attach-agent $tcp
    $cbr set packetSize_ 512
    $cbr set interval_ $interval
    $ns at $start_time "$cbr start"
}

# Start the SYN flood attack from all attackers
$ns at 1.0 "syn_flood $attacker1 $tcp1 0.001 1.0"
$ns at 1.0 "syn_flood $attacker2 $tcp2 0.001 1.0"
$ns at 1.0 "syn_flood $attacker3 $tcp3 0.001 1.0"

# Stop the attack after some time (10 seconds)
$ns at 10.0 "finish"

# Flush and close the trace file, then exit
proc finish {} {
    global ns tracefile
    $ns flush-trace
    close $tracefile
    exit 0
}

# Run the simulation
$ns run

Explanation of the Script:

  1. Nodes:
    • The script defines four nodes: three attacker nodes (attacker1, attacker2, attacker3) and one server node (server), which is the victim of the SYN flood attack.
  2. Links:
    • Duplex links are created between each attacker node and the server node, with bandwidth set to 1Mb and propagation delay set to 10ms.
  3. TCP Agents:
    • TCP agents (tcp1, tcp2, and tcp3) are attached to the attacker nodes to mimic the sending of TCP SYN packets.
    • A TCPSink agent is attached to the server node to represent the server that handles incoming connection requests (SYN packets).
  4. SYN Flood Traffic:
    • The procedure syn_flood mimics the SYN flood attack by creating high-rate traffic from each attacker node to the server using CBR (Constant Bit Rate) traffic sources.
    • The attack starts at 1.0 second and continues until the end of the simulation.
  5. Attack Intensity:
    • The interval between packet transmissions is set to a very low value (0.001 seconds), mimicking a high-intensity SYN flood attack.
  6. Simulation End:
    • The simulation is scheduled to end after 10 seconds, which allows us to observe the effects of the SYN flood attack during this period.

Analysing the SYN Flood Attack:

  1. Trace File Analysis:
    • After running the simulation, examine the trace file (out.tr) to monitor the packets sent by the attackers and how the server handles the traffic. We can check the number of connection requests and see how many went through successfully and how many were dropped.
  2. Metrics to Measure:
    • Packet Loss: Check how many connection requests (SYN packets) were dropped by the server because of overload.
    • Throughput: Evaluate the server’s throughput before and during the attack to observe the degradation caused by the SYN flood.
    • Latency: Monitor how the delay between the server and legitimate clients (if any) increases because of the attack.
  3. Network Animator (NAM):
    • Use NAM (Network Animator) to visualize the simulation and watch how the attackers flood the server with connection requests.
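
The trace-file metrics listed above can be computed with a short script. The following is an added example, not part of the original tutorial: it parses records in the ns2 wired trace format and reports loss, throughput and delay for packets heading to the server. It assumes the server is node 3 (ns2 numbers nodes in creation order) and runs on a small constructed sample; pass the contents of out.tr instead to analyse a real run.

```python
SERVER = "3"  # assumption: ns2 numbers nodes in creation order (attackers 0-2, server 3)

# Constructed sample records in the ns2 wired trace format:
# event time from to type size flags fid src dst seq pkt_id
SAMPLE_TRACE = """\
+ 1.000 0 3 tcp 552 ------- 0 0.0 3.0 0 0
+ 1.000 1 3 tcp 552 ------- 0 1.0 3.0 0 1
+ 1.001 0 3 tcp 552 ------- 0 0.0 3.0 1 2
d 1.001 0 3 tcp 552 ------- 0 0.0 3.0 1 2
+ 1.002 2 3 tcp 552 ------- 0 2.0 3.0 0 3
r 1.014 0 3 tcp 552 ------- 0 0.0 3.0 0 0
r 1.014 1 3 tcp 552 ------- 0 1.0 3.0 0 1
+ 1.014 3 0 ack 40 ------- 0 3.0 0.0 0 4
r 1.020 2 3 tcp 552 ------- 0 2.0 3.0 0 3
"""


def analyse(trace_text, server=SERVER, pkt_type="tcp"):
    """Loss, throughput and delay for data packets on links into `server`."""
    sent_at, delays = {}, []
    dropped = received = received_bytes = 0
    last_rx = None
    for line in trace_text.splitlines():
        f = line.split()
        # Skip malformed lines, ACKs and anything not heading to the server.
        if len(f) < 12 or f[3] != server or f[4] != pkt_type:
            continue
        event, t, size, pkt_id = f[0], float(f[1]), int(f[5]), f[11]
        if event == "+":        # enqueued on the attacker's link (one hop here)
            sent_at.setdefault(pkt_id, t)
        elif event == "d":      # dropped from the queue before reaching the server
            dropped += 1
        elif event == "r":      # delivered to the server node
            received += 1
            received_bytes += size
            last_rx = t
            if pkt_id in sent_at:
                delays.append(t - sent_at[pkt_id])
    sent = len(sent_at)
    span = last_rx - min(sent_at.values()) if sent and last_rx is not None else 0.0
    return {
        "sent": sent, "dropped": dropped, "received": received,
        "loss_ratio": dropped / sent if sent else 0.0,
        "throughput_bps": received_bytes * 8 / span if span > 0 else 0.0,
        "mean_delay_s": sum(delays) / len(delays) if delays else 0.0,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_TRACE))
```

Running the same function over a time window before the attack starts and one during it gives the before/during comparison described under Throughput.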

Variations of the Attack:

  • Multiple Servers: We can adjust the script to include multiple target servers to mimic a more distributed attack.
  • Different Traffic Patterns: Adapt the packet size or the interval to mimic different attack intensities.
  • Legitimate Traffic: We can add legitimate traffic to the network to observe how it is affected by the SYN flood attack.

In summary, we have covered how to simulate a SYN flood attack in NS2, and we can also provide support on how the SYN flood attack performs in other scenarios.
