How to Simulate Firewall Attack Projects Using NS2

To simulate a firewall attack using NS2 (Network Simulator 2), which encompasses to design the behavior of a network in which an attacker attempts to bypass or devastate a firewall including malicious traffic. The firewall that could be signified by a node or mechanism within the network filters incoming and outgoing traffic according to the predefined rules. We can replicate the firewall behaviors like packet filtering, denial of service (DoS) protection, or intrusion detection, also mimic several attacks to breach or devastate the firewall.

In this simulation, we can concentrate on:

• Firewall Behavior: Replicating how firewall strains packets rely on the IP addresses, ports, or protocols.
• Attacker Node: This node makes malicious traffic to bypass or devastate the firewall.
• Legitimate Client Nodes: These make normal traffic that the firewall would permit through.

We will replicate a network in which the firewall attempts to the block malicious traffic from the attacker even though permitting the legitimate traffic from trusted nodes.

Step 1: Understand the Firewall Attack

General firewall attacks contain:

1. Denial of Service (DoS): The attacker overflows the firewall with traffic and devastating it in addition triggering the legitimate traffic to be dropped.
2. Packet Spoofing: The attacker forges packets to emerge as though they come from a legitimate source that trying to bypass firewall rules.
3. Port Scanning: The attacker examines the network behind the firewall to detect the open ports or services.

Step 2: Design the Network Topology

We will create a network with:

• Client Nodes: These are legitimate nodes, which transmit normal traffic via the firewall.
• Attacker Node: This node tries to breach the firewall including the malicious traffic.
• Firewall Node: This node performs as a firewall that examining and sieving the traffic before sending it to the target server.
• Server Node: This node denotes the destination of both legitimate and malicious traffic.

Step 3: Create an NS2 TCL Script for Simulating Firewall and Attack Behavior

Following is an instance NS2 TCL script, which replicates a firewall attack in which the firewall tries to block malicious traffic from an attacker and permit the legitimate traffic from trusted clients.

Example: Firewall Attack Simulation in NS2

# Create a new NS2 simulator object

set ns [new Simulator]

# Define network topology with 5 nodes

set client1 [$ns node]    ;# Legitimate Client 1

set client2 [$ns node]    ;# Legitimate Client 2

set attacker [$ns node]   ;# Attacker

set firewall [$ns node]   ;# Firewall node

set server [$ns node]     ;# Server

# Create duplex links between the nodes (1Mb bandwidth, 10ms delay)

$ns duplex-link $client1 $firewall 1Mb 10ms DropTail

$ns duplex-link $client2 $firewall 1Mb 10ms DropTail

$ns duplex-link $attacker $firewall 1Mb 10ms DropTail

$ns duplex-link $firewall $server 1Mb 10ms DropTail

# Enable queue tracing for each link

$ns trace-queue $client1 $firewall “firewall_attack.tr”

$ns trace-queue $client2 $firewall “firewall_attack.tr”

$ns trace-queue $attacker $firewall “firewall_attack.tr”

$ns trace-queue $firewall $server “firewall_attack.tr”

# Define UDP agents for client and attacker traffic

set udp_client1 [new Agent/UDP]

$ns attach-agent $client1 $udp_client1

set udp_client2 [new Agent/UDP]

$ns attach-agent $client2 $udp_client2

set udp_attacker [new Agent/UDP]

$ns attach-agent $attacker $udp_attacker

# Define a UDP sink (Null agent) at the server to receive legitimate and attack traffic

set sink [new Agent/Null]

$ns attach-agent $server $sink

# Connect clients and attacker to the server through the firewall

$ns connect $udp_client1 $sink

$ns connect $udp_client2 $sink

$ns connect $udp_attacker $sink

# Define CBR traffic for legitimate clients

set cbr_client1 [new Application/Traffic/CBR]

$cbr_client1 set packetSize_ 512

$cbr_client1 set interval_ 0.1    ;# 10 packets per second

$cbr_client1 attach-agent $udp_client1

set cbr_client2 [new Application/Traffic/CBR]

$cbr_client2 set packetSize_ 512

$cbr_client2 set interval_ 0.1    ;# 10 packets per second

$cbr_client2 attach-agent $udp_client2

# Start legitimate traffic from both clients

$ns at 1.0 “$cbr_client1 start”

$ns at 1.5 “$cbr_client2 start”

# Define the firewall behavior

proc firewall_filter {src_node attacker_node sink} {

global ns

# Simulate firewall filtering

puts “Firewall filtering traffic from $src_node”

# Only allow traffic from legitimate clients (e.g., no attacker traffic)

if { $src_node != $attacker_node } {

$ns at 2.0 “$src_node send $sink”

puts “Firewall allows traffic from $src_node”

} else {

puts “Firewall blocks traffic from attacker at $src_node”

}

}

# Schedule the firewall filtering for client and attacker traffic

$ns at 2.0 “firewall_filter \$udp_client1 \$udp_attacker \$sink”

$ns at 2.5 “firewall_filter \$udp_client2 \$udp_attacker \$sink”

# Define attacker behavior (flooding traffic)

proc firewall_attack {attacker sink} {

global ns

puts “Attacker starts flooding firewall with traffic at 3.0 seconds.”

# Attacker sends high-rate malicious traffic to overwhelm the firewall

set cbr_attack [new Application/Traffic/CBR]

$cbr_attack set packetSize_ 1024  ;# Larger packet size to flood

$cbr_attack set interval_ 0.01    ;# High rate (100 packets per second)

$cbr_attack attach-agent $attacker

$ns at 3.0 “$cbr_attack start”

}

# Schedule the attack at 3.0 seconds

$ns at 3.0 “firewall_attack \$udp_attacker \$sink”

# Stop all traffic after 10 seconds

$ns at 10.0 “$cbr_client1 stop”

$ns at 10.0 “$cbr_client2 stop”

$ns at 10.0 “$udp_attacker reset”

# Trace file for recording the simulation events

set tracefile [open “firewall_attack.tr” w]

$ns trace-all $tracefile

# NAM file for visualizing the simulation

set namfile [open “firewall_attack.nam” w]

$ns namtrace-all $namfile

# Define the finish procedure

proc finish {} {

global ns tracefile namfile

$ns flush-trace

close $tracefile

close $namfile

exec nam firewall_attack.nam &

exit 0

}

# Finish the simulation after 12 seconds

$ns at 12.0 “finish”

# Run the simulation

$ns run

Step 4: Explanation of the Script

1. Network Setup:
   • The network has five nodes they are two legitimate clients (client1 and client2), an attacker, a firewall, and a server.
   • Duplex links are made among the clients, attacker, firewall, and server.
2. Firewall Behavior:
   • The firewall_filter process replicates the firewall rules. The firewall examines traffic and blocks any traffic from the attacker (attacker node), whereas permitting the legitimate traffic from trusted clients (client1 and client2).
3. Legitimate Traffic:
   • The clients make UDP traffic using CBR (Constant Bit Rate), with a moderate rate of 10 packets for each second.
4. Firewall Attack:
   • The attacker makes the high-rate traffic (flooding) beginning at 3.0 seconds to devastate the firewall. The attacker transmits the larger packets (1024 bytes) at a high rate (100 packets per second) to replicate a Denial of Service (DoS) attack.
5. Tracing and Visualization:
   • A trace file (firewall_attack.tr) is made to record the network events.
   • A NAM file (firewall_attack.nam) is generated for envision the simulation.

Step 5: Run the Simulation

1. We can save the script as firewall_attack.tcl.
2. Execute the script in NS2:

ns firewall_attack.tcl

It will make two files:

• firewall_attack.tr: A trace files, which records the packet-level information.
• firewall_attack.nam: A NAM file for envisioning the firewall and attack behaviors.

Step 6: Visualize the Simulation Using NAM

To envision the firewall attack simulation in NAM:

nam firewall_attack.nam

In NAM, we will observe:

• The clients transmitting the legitimate traffic via the firewall to the server.
• The attacker trying to flood the firewall with high-rate traffic beginning at 3.0 seconds.
• The firewall blocking traffic from the attacker even though permitting the traffic from the legitimate clients.

Step 7: Analyze the Trace File

The trace file (firewall_attack.tr) includes in-depth data regarding the following:

• Traffic from legitimate clients: How much traffic effectively passes through the firewall.
• Attacker traffic: How the firewall manages the high-rate attack traffic and whether it efficiently blocks the attack.

We can utilize the AWK, Python, or custom scripts to envision the trace file and extract crucial performance parameters like:

• Packet delivery ratio (PDR) for legitimate traffic.
• Packet loss triggered by the attack.
• Firewall performance under normal and attack conditions.

Step 8: Enhance the Simulation

Below is a few ways to expand or improve the simulation:

1. Advanced Firewall Rules: Replicate more complex firewall rules like filtering depends on port numbers or protocol types (e.g., allow HTTP traffic but block FTP).
2. Simulate Different Attacks: Design other attacks on the firewall, like port scanning, packet spoofing, or DDoS attacks including several attackers.
3. Add Intrusion Detection Systems (IDS): Execute IDS to identify malicious behavior and then improve the firewall’s defense mechanisms.
4. Increase Network Complexity: Insert additional clients, attackers, and services to replicate a larger, more realistic network.
5. Measure Performance Impact: Calculate how the attack impacts the throughput, latency, and packet loss of legitimate traffic.

In conclusion, we comprehensively offered the brief explanation with their examples on how to approach the simulation of Firewall Attack Projects which is executed and simulated in NS2 environment. We plan to offer additional insights through another manual, if necessary.

Let us know all the details of your projects focused on simulating firewall attack scenarios using NS2. Connect with us at phdprime.com, where our team specializes in offering customized support for scholars.