How to Simulate Teardrop Attack Projects Using OMNeT++

To simulate teardrop attack in OMNeT++, we need to simulate a teardrop attack by generating a network in which an attacker transmit malformed fragmented IP packets to a victim, that trigger packet reassembly errors, consequential in degraded system performance or system smashes.

A Teardrop Attack is a one of the kind of denial-of-service (DoS) attack that exploits the way IP fragmentation performs. In this attack, an attacker transmits fragmented IP packets with overlapping offset environment. When the victim’s machine attempt to reassemble these fragmented packets, it can trigger the system to smash or act unpredictably because of the difficulty in managing the inappropriate reassembly.

Key Components for a Teardrop Attack Simulation:

1. Legitimate Nodes: Normal devices in the network (e.g., clients, servers) that participate in standard interaction.
2. Victim Node: The target machine that will receive the malformed fragmented packets and tries to reassemble them.
3. Attacker Node: The malicious node that transmits fragmented IP packets with overlapping offsets to crash or slow down the victim.
4. IP Fragmentation: The process of splitting large IP packets into smaller fragments that can be exploited in a teardrop attack by adjusting the fragmentation offset fields.

Step-by-Step Guide to Simulate a Teardrop Attack Using OMNeT++

1. Install OMNeT++ and INET Framework

• Download and install OMNeT++.
• Download and install the INET framework from INET GitHub repository. INET that contain support for IP fragmentation, TCP/IP, and UDP communication protocols, that are essential for simulating the attack.

2. Understand the Teardrop Attack

In a Teardrop Attack:

• The attacker transmits fragmented IP packets with manipulated fragmentation offset values that overlap.
• When the victim attempt to reassemble these packets, the overlapping offsets triggers an error that can crash the system or destroy its performance.
• Older operating systems, particularly pre-patched versions of Windows (Windows 95, 98, NT, etc.), were mainly susceptible to this threat.

3. Set up Network Topology in NED

Describe a basic network with the attacker, victim, and server. The attacker transmit fragmented packets to the victim, while normal interaction happens among the client and server.

Example NED File for Teardrop Attack Simulation:

network TeardropAttackNetwork {

submodules:

attacker: StandardHost {

@display(“p=100,250”);

}

victim: StandardHost {

@display(“p=300,250”);

}

server: StandardHost {

@display(“p=500,250”);

}

connections allowunconnected:

attacker.ethg++ <–> Eth100M <–> victim.ethg++;

victim.ethg++ <–> Eth100M <–> server.ethg++;

}

Explanation:

• Attacker: The node that transmit the fragmented IP packets to the victim.
• Victim: The target node that receives the fragmented packets and tries to reassemble them.
• Server: A regular node that interacts normally with the victim.

4. Configure Legitimate Traffic

Describe the normal communication among the victim and the server. For instance, the victim transmit HTTP or TCP packets to the server.

Example omnetpp.ini Configuration for Legitimate Traffic:

network = TeardropAttackNetwork

sim-time-limit = 100s

# Server configuration (listening on TCP port 80)

**.server.numApps = 1

**.server.app[0].typename = “TcpServerApp”

**.server.app[0].localPort = 80

# Victim configuration (sending TCP traffic to the server)

**.victim.numApps = 1

**.victim.app[0].typename = “TcpApp”

**.victim.app[0].connectAddress = “server”

**.victim.app[0].connectPort = 80

**.victim.app[0].sendBytes = 1000B

**.victim.app[0].tOpen = 1s

In this configuration, the victim transmits normal TCP traffic to the server. The attacker, on the other hand, will attempt to disturb the victim’s interaction by sending fragmented IP packets.

5. Implement the Teardrop Attack

The attacker transmits fragmented IP packets with overlapping offsets. We need to replicate this by creating custom IP packets and manually setting the fragment offset fields.

Example C++ Code for TeardropAttackApp (Teardrop Attack Application):

#include “inet/applications/base/ApplicationBase.h”

#include “inet/networklayer/ipv4/Ipv4Header_m.h”

#include “inet/common/packet/Packet.h”

#include “inet/networklayer/contract/ipv4/Ipv4ControlInfo.h”

class TeardropAttackApp : public inet::ApplicationBase {

protected:

virtual void initialize(int stage) override;

virtual void handleMessage(cMessage *msg) override;

virtual void sendFragmentedPackets();

public:

TeardropAttackApp() {}

virtual ~TeardropAttackApp() {}

};

Define_Module(TeardropAttackApp);

void TeardropAttackApp::initialize(int stage) {

if (stage == inet::INITSTAGE_APPLICATION_LAYER) {

// Start the attack after 2 seconds

scheduleAt(simTime() + 2.0, new cMessage(“startAttack”));

}

}

void TeardropAttackApp::handleMessage(cMessage *msg) {

if (strcmp(msg->getName(), “startAttack”) == 0) {

sendFragmentedPackets();

}

delete msg;

}

void TeardropAttackApp::sendFragmentedPackets() {

for (int i = 0; i < 10; i++) {  // Send 10 fragmented packets with overlapping offsets

inet::Packet *packet = new inet::Packet(“TeardropPacket”);

// Create IP header with fragmentation

auto ipv4Header = inet::makeShared<inet::Ipv4Header>();

ipv4Header->setFragmentOffset(i * 100);  // Set overlapping offsets

ipv4Header->setMoreFragments(i < 9);     // Mark fragments except the last one

ipv4Header->setIdentification(1234);     // Same identification for all fragments

packet->insertAtFront(ipv4Header);

// Send the fragmented packet to the victim

auto controlInfo = new inet::Ipv4ControlInfo();

controlInfo->setDestAddr(inet::L3AddressResolver().resolve(“victim”));

packet->setControlInfo(controlInfo);

send(packet, “out”);

}

}

In this code:

• TeardropAttackApp creates fragmented IP packets with overlapping offsets and transmit them to the victim.
• Each packet fragment has an overlapping fragment offset that triggers reassembly issues on the victim side.

6. Configure Attacker Node

In the omnetpp.ini file, configure the attacker node to execute the TeardropAttackApp to initiate sending fragmented IP packets to the victim.

# Attacker configuration for performing the teardrop attack

**.attacker.numApps = 1

**.attacker.app[0].typename = “TeardropAttackApp”

This configuration makes sure that the attacker launches the teardrop attack in the period of the simulation.

7. Monitor and Capture Traffic

Allow packet capture in OMNeT++ to track the fragmented IP packets transmit by the attacker and see how the victim reacts to them.

Enable Packet Capture in omnetpp.ini:

# Enable packet capture to analyze the teardrop attack

**.pcapRecorder.enable = true

**.pcapRecorder.packetFilter = “all”

**.pcapRecorder.file = “output/teardrop_attack.pcap”

This will create a .pcap file that we can evaluate in Wireshark to see how the fragmented packets are being transmit and how the victim attempts to reassemble them.

8. Run the Simulation

Execute the simulation in OMNeT++ and monitor how the attacker transmits malformed fragmented packets to the victim, and how the victim fights to reassemble the packets.

9. Analyse Results

• Fragmented Packets: Validate in Wireshark or OMNeT++ logs if the fragmented packets sent by the attacker have overlapping offsets.
• Victim’s Response: Measure the victim’s logs to control if the victim is struggling to reassemble the fragmented packets and either it outcomes in packet loss, system slowdown, or failure.
• Performance Impact: Evaluate the victim’s performance (such as packet loss, processing delays) because of the attack.

10. Extend the Simulation

We can prolong the simulation by adding the following characteristics:

• Defense Mechanisms: Apply a firewall or packet filtering system to identify and block malformed fragmented packets.
• Advanced Attack Variants: Attempt different fragmentation methods to see which ones trigger the most interruption.
• Multiple Victims: Mimic a scenario in which the attacker targets multiple victims to monitor the spread of the threats.
• Different Protocols: Replicate the impact of the teardrop attack on different protocols (such as UDP vs. TCP).

We deliver the basic to advanced concepts to understand the simulation process to simulate and visualize the results for teardrop attack using the tool of OMNeT++. We plan to deliver more information regarding this process in upcoming manual.

If you want more information based on your project , just send us a message! We’re here to help you get the best results for your projects. Our team can create a comparative analysis that fits your needs perfectly. We have all the tools and resources to complete your work, so reach out to us, and we’ll provide you with great support and clear explanations.