Simulating an ICMP attack in OMNeT++ means building a network in which a malicious node uses the Internet Control Message Protocol (ICMP) to disrupt, overload, or manipulate communication among legitimate nodes. ICMP-based attacks such as Ping Flood, Ping of Death, and Smurf attacks aim to overwhelm the victim with ICMP echo requests (ping packets) or to exploit vulnerabilities in ICMP packet handling. The following is a simple guide to replicating ICMP attack projects in OMNeT++ using the INET framework.
In this simulation, we model an ICMP attack using OMNeT++ and focus on the legitimate nodes.
Key Components of an ICMP Attack Simulation:
- Legitimate Nodes: Devices that are communicating over the network.
- Malicious Node: The attacker, which generates ICMP packets to disrupt or flood the network.
- ICMP Traffic: The attacker utilizes ICMP echo requests (ping packets) to execute attacks such as Ping Flood, Ping of Death, or Smurf Attack.
Steps to Simulate ICMP Attack Projects in OMNeT++
- Install OMNeT++ and INET Framework
  - Download and install OMNeT++ from the OMNeT++ website.
  - Download and install the INET framework from the INET GitHub repository. INET provides the ICMP support that this kind of simulation needs.
- Understand ICMP Attacks
Common ICMP-based attacks include:
- Ping Flood: A DoS attack in which an attacker transmits a large number of ICMP Echo Request (ping) packets to the victim, overwhelming its resources.
- Ping of Death: An attack in which oversized or fragmented ICMP packets are transmitted to crash or freeze the victim system.
- Smurf Attack: A DoS attack in which the attacker transmits ICMP requests to a network’s broadcast address, utilizing spoofed source addresses, triggering several devices to flood the victim with responses.
- Set Up the Network Topology in NED
Create a basic network with a client, a server, and an attacker. The attacker uses ICMP packets to target the server while the client transmits legitimate traffic.
Example NED File for ICMP Attack Simulation:
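```ned
import inet.networklayer.configurator.ipv4.Ipv4NetworkConfigurator;
import inet.node.ethernet.Eth100M;
import inet.node.inet.StandardHost;

network IcmpAttackNetwork
{
    submodules:
        // Assigns IPv4 addresses and routes so that "server" can be resolved
        configurator: Ipv4NetworkConfigurator {
            @display("p=200,50");
        }
        client: StandardHost {
            @display("p=100,200");
        }
        server: StandardHost {
            @display("p=300,200");
        }
        attacker: StandardHost {
            @display("p=200,150");
        }
    connections allowunconnected:
        client.ethg++ <--> Eth100M <--> server.ethg++;
        attacker.ethg++ <--> Eth100M <--> server.ethg++;
}
```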
Explanation:
- Client: The legitimate node transmitting regular traffic to the server.
- Server: The target of the ICMP attack.
- Attacker: A malicious node, which generates ICMP packets to attack the server.
- Configure Legitimate Traffic
The client transmits normal traffic to the server using a protocol such as TCP or UDP. This replicates regular network communication.
Example omnetpp.ini Configuration for Client-Server Communication:
```ini
[General]
network = IcmpAttackNetwork
sim-time-limit = 100s

# Server application (listening on TCP port 80)
# TcpSinkApp accepts connections and discards the received data
**.server.numApps = 1
**.server.app[0].typename = "TcpSinkApp"
**.server.app[0].localPort = 80

# Client application (sending TCP traffic to the server)
# TcpSessionApp opens one connection at tOpen and sends sendBytes of data
**.client.numApps = 1
**.client.app[0].typename = "TcpSessionApp"
**.client.app[0].connectAddress = "server"
**.client.app[0].connectPort = 80
**.client.app[0].tOpen = 0s
**.client.app[0].sendBytes = 1000B
```
In this setup:
- The client transmits data to the server using TCP.
- This creates a legitimate communication channel, which the attacker will try to disrupt.
- Implement ICMP Attack
The attacker node generates ICMP echo requests (ping packets) to overwhelm the server with high traffic.
Example ICMP Attack Application (IcmpFloodApp):
The following is an example application that floods the server with ICMP echo requests (ping) to mimic a Ping Flood attack.
```cpp
#include <cstring>
#include <omnetpp.h>
#include "inet/applications/base/ApplicationBase.h"
#include "inet/common/packet/Packet.h"
#include "inet/networklayer/common/L3AddressResolver.h"
#include "inet/networklayer/ipv4/IcmpHeader_m.h"

using namespace omnetpp;

class IcmpFloodApp : public inet::ApplicationBase {
  protected:
    virtual void initialize(int stage) override;
    virtual void handleMessage(cMessage *msg) override;
    virtual void sendIcmpFlood();
  public:
    IcmpFloodApp() {}
    virtual ~IcmpFloodApp() {}
};

Define_Module(IcmpFloodApp);

void IcmpFloodApp::initialize(int stage) {
    // Let the base class run its own per-stage initialization first
    inet::ApplicationBase::initialize(stage);
    if (stage == inet::INITSTAGE_APPLICATION_LAYER) {
        // Schedule packet flood to start 1 second after simulation begins
        scheduleAt(simTime() + 1.0, new cMessage("startFlood"));
    }
}

void IcmpFloodApp::handleMessage(cMessage *msg) {
    if (strcmp(msg->getName(), "startFlood") == 0) {
        sendIcmpFlood();
    }
    delete msg;
}

void IcmpFloodApp::sendIcmpFlood() {
    for (int i = 0; i < 100; i++) { // Send 100 ICMP packets in quick succession
        inet::Packet *packet = new inet::Packet("IcmpEchoRequest");
        // Create ICMP header with echo request type
        auto icmpHeader = inet::makeShared<inet::IcmpHeader>();
        icmpHeader->setType(inet::ICMP_ECHO_REQUEST);
        icmpHeader->setCode(0);
        icmpHeader->setCrc(0); // Checksum field left at zero; no checksum is computed here
        packet->insertAtFront(icmpHeader);
        // Add destination IP for the target server.
        // Note: Ipv4ControlInfo is the older control-info style; INET 4.x passes
        // addressing to the network layer via packet tags (e.g. L3AddressReq).
        auto controlInfo = new inet::Ipv4ControlInfo();
        controlInfo->setDestAddr(inet::L3AddressResolver().resolve("server"));
        packet->setControlInfo(controlInfo);
        send(packet, "out");
    }
}
```
In this code:
- IcmpFloodApp sends 100 ICMP echo request packets in quick succession to replicate a Ping Flood attack.
- The packets are transmitted to the server’s IP address.
- Configure the Attacker Node for ICMP Flood
In the omnetpp.ini file, set up the attacker node to run the IcmpFloodApp and execute the flood attack.
```ini
# Attacker configuration to send ICMP Echo Request packets
**.attacker.numApps = 1
**.attacker.app[0].typename = "IcmpFloodApp"
```
This sets up the attacker node to flood the server with ICMP packets.
- Monitor and Capture Traffic
We can enable packet capture to monitor both legitimate and attack traffic using Wireshark or any other packet analyser.
Enable Packet Capture in omnetpp.ini:
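```ini
# Enable packet capture for analyzing the ICMP attack traffic.
# Recording at the server captures both the client's and the attacker's packets.
**.server.numPcapRecorders = 1
**.server.pcapRecorder[0].pcapFile = "output/icmp_attack.pcap"
# Link type 1 = Ethernet; the parameter name is assumed from recent INET 4.x releases
**.server.pcapRecorder[0].pcapLinkType = 1
```
- This produces a .pcap file containing both legitimate and malicious traffic, which can be examined in Wireshark.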
- Run the Simulation
- We can run the simulation within OMNeT++ to monitor how the client communicates with the server, and how the attacker disturbs the communication by flooding the server with ICMP packets.
- We can observe the network's behaviour to see whether the ICMP attack causes packet loss, connection failures, or resource exhaustion.
- Analyze the Attack Traffic with Wireshark
When the simulation has finished, open the icmp_attack.pcap file in Wireshark and examine the network traffic. We can filter the traffic to view particular types of packets, such as ICMP echo requests and responses.
In Wireshark, we can:
- Filter ICMP Traffic: Utilize filters such as icmp or icmp.type == 8 (ICMP echo request).
- Check for ICMP Flood: Examine the number of ICMP packets being transmitted by the attacker and how the server reacts.
- Analyze Legitimate Traffic Impact: Monitor whether legitimate traffic between the client and server is affected by the ICMP flood.
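The checks above can also be automated once the ICMP packets are exported from the capture. The following is an added example, not code from the original page: plain C++ with no OMNeT++ dependency that flags flood sources and echo requests sent to a broadcast address. The record layout, the threshold, and the client and attacker addresses in the sample are assumptions.

```cpp
#include <cstddef>
#include <deque>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// One ICMP packet summary as it could be exported from the capture (assumed fields).
struct IcmpRecord {
    double time;      // capture timestamp in seconds
    std::string src;  // source IPv4 address
    std::string dst;  // destination IPv4 address
    int type;         // ICMP type: 8 = echo request, 0 = echo reply
};
using Finding = std::pair<std::string, std::string>;  // (source address, reason)

// "flood": more than maxPerSecond echo requests from one source within any
// 1-second sliding window. "broadcast-echo": an echo request sent to the subnet
// broadcast address (Smurf pattern; the source shown is the spoofed victim).
// Records must be in time order per source.
std::set<Finding> findIcmpAnomalies(const std::vector<IcmpRecord>& records,
                                    std::size_t maxPerSecond,
                                    const std::string& broadcastAddr) {
    std::set<Finding> findings;
    std::map<std::string, std::deque<double>> window;  // per-source timestamps
    for (const auto& r : records) {
        if (r.type != 8) continue;  // equivalent to the filter icmp.type == 8
        if (r.dst == broadcastAddr) findings.emplace(r.src, "broadcast-echo");
        auto& w = window[r.src];
        w.push_back(r.time);
        while (r.time - w.front() > 1.0) w.pop_front();  // expire old samples
        if (w.size() > maxPerSecond) findings.emplace(r.src, "flood");
    }
    return findings;
}

// Constructed sample: client pings once per second, a 100-packet burst arrives
// at t = 1 s, and two echo requests go to the broadcast address.
std::vector<IcmpRecord> sampleCapture() {
    std::vector<IcmpRecord> recs;
    for (int i = 0; i < 5; i++)
        recs.push_back({double(i), "192.168.1.1", "192.168.1.2", 8});
    for (int i = 0; i < 100; i++)
        recs.push_back({1.0 + i * 1e-4, "192.168.1.3", "192.168.1.2", 8});
    recs.push_back({2.0, "192.168.1.2", "192.168.1.255", 8});
    recs.push_back({2.1, "192.168.1.2", "192.168.1.255", 8});
    return recs;
}
```

With a threshold of 10 echo requests per second, the sample yields a flood finding for the burst source and a broadcast-echo finding for the spoofed address, while the once-per-second client is not flagged.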
- Extend the Simulation
We can expand the ICMP attack simulation by adding further attack types:
- Ping of Death: Replicate oversized or fragmented ICMP packets, which could crash or freeze the server.
- Smurf Attack: The attacker transmits ICMP requests to the network’s broadcast address with a spoofed source IP, triggering the whole network to flood the victim with responses.
- Mitigating ICMP Attacks: Implement defense mechanisms such as rate-limiting ICMP requests, IP filtering, or IDS (Intrusion Detection Systems) to identify and block ICMP-based attacks.
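The rate-limiting defense mentioned above can be prototyped as a per-source token bucket placed in front of the server's echo handling. The following is an added example, not code from the original page or from INET: plain C++ in which the `double` timestamps stand in for simulation time, and the class name, rate, burst size, and addresses are assumptions.

```cpp
#include <algorithm>
#include <map>
#include <string>

// Per-source token bucket for ICMP echo requests (hypothetical helper class).
class IcmpRateLimiter {
    struct Bucket { double tokens; double last; };
    double rate_;   // tokens refilled per second
    double burst_;  // bucket capacity (largest burst accepted at once)
    std::map<std::string, Bucket> buckets_;
  public:
    IcmpRateLimiter(double ratePerSec, double burst)
        : rate_(ratePerSec), burst_(burst) {}

    // Returns true if an echo request from `src` arriving at `now` may be processed.
    bool allow(const std::string& src, double now) {
        auto it = buckets_.find(src);
        if (it == buckets_.end())
            it = buckets_.emplace(src, Bucket{burst_, now}).first;
        Bucket& b = it->second;
        // Refill for the elapsed time, capped at the bucket capacity
        b.tokens = std::min(burst_, b.tokens + (now - b.last) * rate_);
        b.last = now;
        if (b.tokens < 1.0) return false;  // bucket empty: drop the request
        b.tokens -= 1.0;
        return true;
    }
};

// Feeds `packets` echo requests from `src`, spaced `interval` seconds apart
// starting at `start`, and returns how many the limiter accepted.
int countAccepted(IcmpRateLimiter& lim, const std::string& src,
                  int packets, double start, double interval) {
    int accepted = 0;
    for (int i = 0; i < packets; i++)
        if (lim.allow(src, start + i * interval)) accepted++;
    return accepted;
}
```

Per-source buckets do not help when the source address is spoofed, as in the Smurf case, so an aggregate limit on all inbound echo traffic is still needed alongside them.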
Example Smurf Attack Simulation:
To replicate a Smurf Attack, the attacker transmits ICMP echo requests to the broadcast address of a network with a spoofed source IP (the victim’s address). All devices within the network respond to the target, overwhelming it.
```cpp
void IcmpSmurfApp::sendSmurfAttack() {
    for (int i = 0; i < 100; i++) {
        inet::Packet *packet = new inet::Packet("SmurfAttackRequest");
        // Create ICMP echo request
        auto icmpHeader = inet::makeShared<inet::IcmpHeader>();
        icmpHeader->setType(inet::ICMP_ECHO_REQUEST);
        icmpHeader->setCode(0);
        packet->insertAtFront(icmpHeader);
        // Send to broadcast address with victim's IP as spoofed source
        auto controlInfo = new inet::Ipv4ControlInfo();
        controlInfo->setDestAddr(inet::Ipv4Address("192.168.1.255")); // Broadcast address
        controlInfo->setSrcAddr(inet::Ipv4Address("192.168.1.2")); // Spoof victim's IP
        packet->setControlInfo(controlInfo);
        send(packet, "out");
    }
}
```
Example Projects for ICMP Attack Simulation:
- Ping Flood Attack: Replicate a DDoS attack in which the attacker floods the target with ICMP echo requests and observe the impact on the server's performance.
- Ping of Death Attack: Transmit oversized or fragmented ICMP packets to a victim and monitor whether the victim experiences crashes or freezes.
- Smurf Attack: Replicate a network-level DDoS attack in which the attacker uses a broadcast address to amplify the number of ICMP replies hitting the victim.
- Mitigating ICMP Attacks: Implement defense mechanisms such as rate-limiting ICMP traffic, setting up firewalls, or using IP filters to block spoofed or malicious ICMP packets.
- ICMP Redirect Attack: Mimic an attacker transmitting ICMP redirect messages to alter the routing path of legitimate traffic and execute a man-in-the-middle attack.
This guide covered the common steps and essential example code for replicating ICMP attack projects in the OMNeT++ simulator. Further details on this topic will be provided in a separate manual.