An ICMP redirect attack involves a malicious node transmitting falsified ICMP redirect messages to change the routing table of a target node, causing it to send traffic via a malicious gateway rather than the legitimate route. This kind of attack is used to reroute traffic, frequently as part of a man-in-the-middle (MITM) attack, permitting the attacker to intercept or manipulate the data.
In the OMNeT++ simulation environment, we can mimic an ICMP redirect attack using the INET framework by building a network in which the attacker transmits spoofed ICMP redirect packets to the target, convincing it to modify its default gateway. If you face any difficulty, we are there to guide you. Here is a simple guideline to simulate ICMP redirect attack projects using OMNeT++:
Key Components of an ICMP Redirect Attack Simulation:
- Victim Node: A legitimate device whose routing table will be changed by the attacker.
- Attacker Node: The malicious node, which transmits spoofed ICMP redirect messages.
- Router/Gateway: A legitimate router that the victim normally communicates through.
- Traffic Flow: Normal traffic between the victim and a server, which the attacker manipulates using ICMP redirect packets.
Step-by-Step Guide to Simulate an ICMP Redirect Attack Using OMNeT++:
- Install OMNeT++ and INET Framework
- We can download and install OMNeT++ from here.
- Download and install the INET framework from INET GitHub repository. The INET framework offers the essential tools to manage ICMP messages and routing.
- Understand ICMP Redirect Attack
An ICMP redirect attack is a kind of attack in which the attacker transmits an ICMP redirect message to the victim, instructing it to modify its routing path. The attacker pretends to be a legitimate router and sends a message telling the target that a better route is available via the attacker’s IP address, which permits the attacker to intercept traffic.
- Set Up Network Topology in NED
Define a network that contains a victim, an attacker, and a router. The victim normally communicates via the legitimate router, but the attacker will try to convince the victim to transmit traffic via its own (malicious) route.
Example NED File for ICMP Redirect Simulation:
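    import inet.networklayer.configurator.ipv4.Ipv4NetworkConfigurator;
    import inet.node.ethernet.Eth100M;
    import inet.node.inet.Router;
    import inet.node.inet.StandardHost;

    network IcmpRedirectAttackNetwork {
        submodules:
            configurator: Ipv4NetworkConfigurator;   // assigns IPv4 addresses and static routes
            victim: StandardHost {
                @display("p=100,200");
            }
            router: Router {
                @display("p=300,200");
            }
            server: StandardHost {
                @display("p=500,200");
            }
            attacker: StandardHost {
                @display("p=300,300");
            }
        connections allowunconnected:
            victim.ethg++ <--> Eth100M <--> router.ethg++;
            router.ethg++ <--> Eth100M <--> server.ethg++;
            attacker.ethg++ <--> Eth100M <--> victim.ethg++; // Attacker close to victim
    }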
Explanation:
- Victim: The legitimate node, which the attacker will attempt to redirect.
- Router: The legitimate gateway or router, which typically routes the victim’s traffic.
- Server: The destination of the victim’s traffic.
- Attacker: The malicious node, which will spoof ICMP redirect messages to change the victim’s routing.
- Configure Legitimate Traffic
Define a communication flow between the victim and the server via the legitimate router.
Example omnetpp.ini Configuration for Client-Server Communication:
    [General]
    network = IcmpRedirectAttackNetwork
    sim-time-limit = 100s

    # Server configuration (listening on TCP port 80)
    # TcpSinkApp is the INET TCP application that accepts connections on localPort
    **.server.numApps = 1
    **.server.app[0].typename = "TcpSinkApp"
    **.server.app[0].localPort = 80

    # Victim configuration (sending TCP traffic to the server)
    # TcpSessionApp is the INET TCP application that takes connectAddress, tOpen and sendBytes
    **.victim.numApps = 1
    **.victim.app[0].typename = "TcpSessionApp"
    **.victim.app[0].connectAddress = "server"
    **.victim.app[0].connectPort = 80
    **.victim.app[0].tOpen = 0s
    **.victim.app[0].sendBytes = 1000B

- The victim transmits TCP packets to the server via the router. This represents normal communication before the attack.
- Implement ICMP Redirect Attack
To replicate the ICMP redirect attack, the attacker transmits an ICMP redirect message to the target, telling it to change its gateway to the attacker’s IP.
Example C++ Code for IcmpRedirectApp (ICMP Redirect Attack Application):
    #include <cstring>
    #include "inet/applications/base/ApplicationBase.h"
    #include "inet/networklayer/ipv4/Ipv4Header_m.h"
    #include "inet/networklayer/contract/icmpv4/IcmpHeader_m.h"
    #include "inet/networklayer/contract/ipv4/Ipv4ControlInfo.h"
    #include "inet/networklayer/common/L3AddressResolver.h"
    #include "inet/common/packet/Packet.h"

    using namespace omnetpp;   // cMessage, simTime

    // NOTE: IcmpRedirect (with setGatewayAddress) and Ipv4ControlInfo are used as given
    // on this page; check that your INET version provides them before building.
    class IcmpRedirectApp : public inet::ApplicationBase {
      protected:
        virtual void initialize(int stage) override;
        virtual void handleMessage(cMessage *msg) override;
        virtual void sendIcmpRedirect();
      public:
        IcmpRedirectApp() {}
        virtual ~IcmpRedirectApp() {}
    };

    Define_Module(IcmpRedirectApp);

    void IcmpRedirectApp::initialize(int stage) {
        // Let the base class run its own staged initialization first
        inet::ApplicationBase::initialize(stage);
        if (stage == inet::INITSTAGE_APPLICATION_LAYER) {
            // Schedule the ICMP redirect attack to occur 1 second after the simulation starts
            scheduleAt(simTime() + 1.0, new cMessage("sendRedirect"));
        }
    }

    void IcmpRedirectApp::handleMessage(cMessage *msg) {
        if (strcmp(msg->getName(), "sendRedirect") == 0) {
            sendIcmpRedirect();
        }
        delete msg;
    }

    void IcmpRedirectApp::sendIcmpRedirect() {
        inet::Packet *packet = new inet::Packet("IcmpRedirectPacket");

        // Create ICMP redirect header
        auto icmpRedirect = inet::makeShared<inet::IcmpRedirect>();
        icmpRedirect->setType(inet::ICMP_REDIRECT);
        icmpRedirect->setCode(0); // Redirect datagrams for the network
        icmpRedirect->setCrc(0);  // Checksum field left at 0 (not computed here)

        // Set the new gateway (attacker's IP)
        icmpRedirect->setGatewayAddress(inet::Ipv4Address("192.168.1.100")); // Attacker's IP

        // Add ICMP redirect to the packet
        packet->insertAtFront(icmpRedirect);

        // Set the destination as the victim
        auto controlInfo = new inet::Ipv4ControlInfo();
        controlInfo->setDestAddr(inet::L3AddressResolver().resolve("victim"));
        controlInfo->setSrcAddr(inet::L3AddressResolver().resolve("router")); // Pretend to be from the router
        packet->setControlInfo(controlInfo);

        // Send the ICMP redirect to the victim
        send(packet, "out");
    }

- IcmpRedirectApp builds and transmits an ICMP redirect packet to the target. The redirect message tells the target to transmit future traffic to the attacker’s IP address.
- The attacker pretends to be the legitimate router by spoofing the source IP address of the ICMP redirect packet.
- Configure the Attacker Node for ICMP Redirect
In the omnetpp.ini file, set up the attacker node to run the IcmpRedirectApp and execute the redirect attack.
    # Attacker configuration for sending ICMP Redirect message
    **.attacker.numApps = 1
    **.attacker.app[0].typename = "IcmpRedirectApp"

This sets up the attacker node to transmit ICMP redirect messages to the victim, telling it to change its route.
- Monitor and Capture Traffic
Enable packet capture to monitor how the attack influences the network traffic, using Wireshark or another packet analyser.
Enable Packet Capture in omnetpp.ini:
    # Enable packet capture to analyze the ICMP redirect attack
    **.pcapRecorder.enable = true
    **.pcapRecorder.packetFilter = "icmp or ip"
    **.pcapRecorder.file = "output/icmp_redirect_attack.pcap"

This captures the ICMP redirect packets and any other related IP traffic, which can later be analysed in Wireshark.
- Run the Simulation
We can run the simulation within OMNeT++ and monitor how the attacker transmits an ICMP redirect to the target. We can observe how the victim responds to the redirect message and whether it changes its routing path to the attacker’s IP.
- Analyze the Traffic with Wireshark
When the simulation is complete, open the icmp_redirect_attack.pcap file in Wireshark to investigate the network traffic.
In Wireshark, we can:
- Filter ICMP Redirect Messages: Utilize the filter icmp.type == 5 to monitor the ICMP redirect messages.
- Analyze Route Changes: Monitor how the victim’s traffic routing changes after receiving the ICMP redirect message.
- Check for Packet Manipulation: Monitor whether the attacker can effectively intercept or manipulate the traffic by becoming the victim’s gateway.
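The Wireshark check above can also be scripted. The following is an added example, not code from the original page: it reads a classic pcap file, picks out ICMP type 5 messages and flags any redirect whose advertised gateway is not a known router. The router, victim and server addresses and the sample capture are constructed for illustration; only 192.168.1.100 (the attacker's IP) comes from the page.

```python
import socket
import struct

ICMP_REDIRECT = 5  # same value as the Wireshark filter icmp.type == 5

def find_redirects(pcap, known_routers):
    """List ICMP redirects in a classic little-endian pcap with Ethernet frames."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    hits, off = [], 24                                  # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        icmp = ip[ihl:]
        if ip[9] != 1 or len(icmp) < 8 or icmp[0] != ICMP_REDIRECT:
            continue
        gateway = socket.inet_ntoa(icmp[4:8])           # router the host is told to use
        inner = icmp[8:]                                # header of the redirected datagram
        hits.append({
            "src": socket.inet_ntoa(ip[12:16]),         # claimed sender, can be spoofed
            "target": socket.inet_ntoa(ip[16:20]),
            "code": icmp[1],
            "gateway": gateway,
            "redirected_dst": socket.inet_ntoa(inner[16:20]) if len(inner) >= 20 else None,
            "suspicious": gateway not in known_routers,
        })
    return hits

def _ipv4(src, dst, proto, payload):
    """Constructed IPv4 packet; checksum left at 0 because the parser ignores it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def build_sample_pcap():
    """Constructed capture: one TCP packet, then a redirect naming 192.168.1.100."""
    tcp = _ipv4("192.168.1.10", "10.0.0.5", 6, b"\x00" * 20)
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 0, 0, socket.inet_aton("192.168.1.100"))
    redirect = _ipv4("192.168.1.1", "192.168.1.10", 1, icmp + tcp[:28])
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for pkt in (tcp, redirect):
        frame = b"\x00" * 12 + b"\x08\x00" + pkt
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Because the redirect's source address is spoofed to match the router, the source field alone does not reveal the attack; the check that matters is whether the advertised gateway belongs to the set of routers you actually operate.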
- Extend the Simulation
We can extend the ICMP redirect attack simulation by adding more advanced behaviours:
- Man-in-the-Middle (MITM) Attack: After the redirect, the attacker can intercept traffic, change it, and forward it to the server, replicating a MITM attack.
- Traffic Analysis: Investigate how much of the victim’s traffic is rerouted to the attacker after the ICMP redirect.
- Defensive Mechanisms: Implement security measures such as filtering ICMP redirects on the victim or setting up the router to detect and block unauthorized ICMP redirect messages.
Example: Forwarding Traffic in MITM Scenario
After the redirect, the attacker can act as a gateway, forwarding traffic between the target and the server while inspecting or changing it.

    // Declare forwardTraffic(inet::Packet *packet) in the IcmpRedirectApp class before defining it
    void IcmpRedirectApp::forwardTraffic(inet::Packet *packet) {
        // Forward the victim's traffic to the actual server
        auto controlInfo = new inet::Ipv4ControlInfo();
        controlInfo->setDestAddr(inet::L3AddressResolver().resolve("server")); // Forward to real server
        packet->setControlInfo(controlInfo);

        // Forward the packet
        send(packet, "out");
    }

Example Projects for ICMP Redirect Attack Simulation:
- Basic ICMP Redirect Attack: Replicate an ICMP redirect attack in which the victim’s routing table is changed to redirect traffic to a malicious node.
- MITM Attack via ICMP Redirect: Mimic a man-in-the-middle attack in which the attacker redirects the victim’s traffic, intercepts it, and sends it to the server.
- Detecting ICMP Redirect Attacks: Implement and simulate defense mechanisms on the victim or router to detect and block ICMP redirect messages.
- Routing Behavior Analysis: Simulate how the victim’s traffic flow changes after receiving an ICMP redirect and the effect on network performance.
On this page, we explained how to simulate and analyse ICMP redirect attack projects using OMNeT++ with the suggested method. More specific details will be shared based on your needs.