How to Simulate Network Probe Attack Projects Using OMNeT++

To simulate a network probe attack in OMNeT++ has needs to generate a network in which an attacker tries to explore an open ports or live hosts by transmit various kinds of probes like TCP SYN, UDP, or ICMP packets. The attacker manually scans multiple hosts and ports in an attempt to collect information about the network.

Here’s a step-by-step guide to simulating network probe attack projects using OMNeT++.

Steps to Simulate Network Probe Attack Projects in OMNeT++

  1. Set up OMNeT++ and INET Framework
  • Install OMNeT++: Download OMNeT++ from the OMNeT++ official website.
  • Install INET Framework: INET supports a range of network protocols such as TCP, UDP, and ICMP that are vital for simulating network probe attacks. Download INET from the INET GitHub page or install it using the OMNeT++ package manager.
  1. Understand Network Probe Attack

A network probe attack has includes to transmit a series of probes (such as TCP SYN, UDP packets, or ICMP Echo Requests) to classify active hosts, open ports, and execute the services on the network. This inspection attack supports you to the attacker gather information about potential targets before a full-scale attack.

Key attack steps:

  1. Send ICMP Echo Requests to validate if hosts are live.
  2. Send TCP SYN requests to regulate if particular ports are open.
  3. Send UDP packets to explore services running on UDP ports.
  1. Define a Network Topology (NED File)

In OMNeT++, we describe the network’s structure using the NED language. The topology consists of multiple hosts, a router, and an attacker node that act as the network probing.

Example NED File for Network Probe Attack Simulation:

network ProbeAttackNetwork

{

submodules:

hostA: StandardHost {

@display(“i=device/pc”);

}

hostB: StandardHost {

@display(“i=device/pc”);

}

hostC: StandardHost {

@display(“i=device/pc”);

}

attacker: StandardHost {

@display(“i=device/laptop”);

}

router: Router {

@display(“i=abstract/router”);

}

connections:

hostA.pppg++ <–> PointToPointLink <–> router.pppg++;

hostB.pppg++ <–> PointToPointLink <–> router.pppg++;

hostC.pppg++ <–> PointToPointLink <–> router.pppg++;

attacker.pppg++ <–> PointToPointLink <–> router.pppg++;

}

In this topology:

  • hostA, hostB, and hostC signify network targets that the attacker will probe.
  • attacker will replicate the network probe attack, transmit different kinds of requests to the hosts.
  • router assocites all the nodes in the network and routes packets among them.
  1. Configure Hosts to Respond to Probes

Each host should be able to respond to the various kinds of probes. We need to set up each host to execute a service on a particular port, like a TCP or UDP service.

Example Configuration for Hosts in omnetpp.ini:

network = ProbeAttackNetwork

sim-time-limit = 100s

# Configure services on each host

*.hostA.numTcpApps = 1

*.hostA.tcpApp[0].typename = “TcpBasicServerApp”

*.hostA.tcpApp[0].localPort = 80  # Host A running HTTP on port 80

*.hostB.numUdpApps = 1

*.hostB.udpApp[0].typename = “UdpBasicApp”

*.hostB.udpApp[0].localPort = 53  # Host B running DNS on port 53

*.hostC.numTcpApps = 1

*.hostC.tcpApp[0].typename = “TcpBasicServerApp”

*.hostC.tcpApp[0].localPort = 22  # Host C running SSH on port 22

In this setup:

  • hostA execute an HTTP server on port 80 (TCP).
  • hostB runs a DNS service on port 53 (UDP).
  • hostC runs an SSH server on port 22 (TCP).
  1. Implement Network Probe Attack on the Attacker

We can execute a custom attacker module to probe numerous hosts by sending TCP SYN requests, ICMP Echo Requests (pings), or UDP packets.

Example C++ Code for a Network Probe Attack:

class NetworkProbe : public cSimpleModule

{

private:

int numHosts;         // Number of hosts to probe

int currentHost;      // Index of the current host being probed

simtime_t probeInterval;  // Time interval between probes

cMessage *probeTimer; // Timer to send the next probe

int numPorts;         // Number of ports to scan

int currentPort;      // Current port being probed

protected:

virtual void initialize() override;

virtual void handleMessage(cMessage *msg) override;

void sendProbe();

void handleResponse(cPacket *pkt);

};

void NetworkProbe::initialize()

{

numHosts = par(“numHosts”).intValue();

numPorts = par(“numPorts”).intValue();

currentHost = 0;

currentPort = 1;  // Start from port 1

probeInterval = par(“probeInterval”);

probeTimer = new cMessage(“probeTimer”);

scheduleAt(simTime(), probeTimer);  // Start probing immediately

}

void NetworkProbe::handleMessage(cMessage *msg)

{

if (msg == probeTimer)

{

sendProbe();

scheduleAt(simTime() + probeInterval, probeTimer);

}

else

{

// Handle response

cPacket *pkt = check_and_cast<cPacket*>(msg);

handleResponse(pkt);

}

}

void NetworkProbe::sendProbe()

{

// Target the next host and port

std::string targetHost = “host” + std::to_string(currentHost);

int targetPort = currentPort;

// Create and send a probe packet (e.g., TCP SYN, ICMP request, or UDP)

cPacket *probePacket = new cPacket(“ProbePacket”);

EV << “Sending probe to ” << targetHost << ” on port ” << targetPort << endl;

send(probePacket, “out”);

// Update port and host indices for the next probe

currentPort++;

if (currentPort > numPorts)

{

currentPort = 1;

currentHost = (currentHost + 1) % numHosts;

}

}

void NetworkProbe::handleResponse(cPacket *pkt)

{

EV << “Received response from ” << pkt->getSenderModule()->getName() << endl;

delete pkt;  // Cleanup the packet

}

In this example:

  • sendProbe() transmit a probe (TCP SYN, ICMP request, or UDP packet) to the current host and port.
  • handleResponse() logs any response from the hosts to signify that the host/port is active.
  1. Configure Attacker in omnetpp.ini

The attacker node desires to be set up in the .ini file to describe how many hosts and ports to scan and how usual probes should be sent.

Example Configuration for the Attacker in omnetpp.ini:

network = ProbeAttackNetwork

sim-time-limit = 100s

# Configure attacker to probe multiple hosts and ports

*.attacker.numApps = 1

*.attacker.app[0].typename = “NetworkProbe”

*.attacker.app[0].numHosts = 3        # Number of hosts to scan (hostA, hostB, hostC)

*.attacker.app[0].numPorts = 1024     # Number of ports to scan (1 to 1024)

*.attacker.app[0].probeInterval = 0.1s  # Time interval between each probe (0.1s)

This configuration:

  • Set up the attacker to scan 3 hosts (hostA, hostB, hostC).
  • Scans up to 1024 ports for each host.
  • Probes are sent every 0.1 seconds.
  1. Run the Simulation

After set up the hosts and the attacker, execute the simulation in OMNeT++ using Qtenv or Tkenv:

  • Qtenv or Tkenv: OMNeT++’s graphical interface enable you to monitor the network traffic, observe the probe requests, and track the responses from the hosts.
  • Packet Tracing: measure the ICMP, TCP SYN, or UDP packets transmit by the attacker and the corresponding responses from the hosts.
  1. Analyse the Results

After executing the simulation, assess the outcomes:

  • Discovered Hosts: validate in which hosts responded to the probes, demonstrating that they are live.
  • Open Ports: measure the responses to detect which ports are open and what services are executes on each host.
  • Traffic Volume: Evaluate the network traffic created by the probe attack and its effects on the network.
  1. Extend the Project

Here are some ways to expand the network probe attack simulation:

Stealthy Probing

  • Randomized Probing: Rather than probing hosts sequentially, randomize the order and time among probes to make the attack harder to classify.
  • Low Rate Probing: minimize the rate of probing to mitigate detection by firewalls or intrusion detection systems (IDS).

Simulate Defences

  • Firewalls: Execute firewalls on the hosts that bottleneck incoming probe packets such as SYN, ICMP.
  • Intrusion Detection System (IDS): Execute an IDS module that identify scanning behaviour and logs potential attackers.

Distributed Probe Attack

  • Replicate a distributed probe attack, in which multiple attacker nodes coordinate the scanning to make it more difficult to identify.

Example Project Structure:

NetworkProbeAttackSimulation/

├── src/

│   └── ProbeAttackNetwork.ned       # Network topology

│   └── NetworkProbe.cc              # Custom network probe attack implementation

├── omnetpp.ini                      # Simulation configuration

└── Makefile                         # Build file for compiling the project

These project ideas explore various aspects of network probe attack performance and the detailed installation procedures to simulate the network probe attack in OMNeT++ tool. If you’d like more details on any specific project, feel free to ask!

Get best guidance on comparative analysis from us. Share with us all your Network Probe Attack Projects needs we will help you with best simulation guidance from phdprime.com team .we work on various kinds of probes like TCP SYN, UDP, or ICMP packets for your projects.

Opening Time

9:00am

Lunch Time

12:30pm

Break Time

4:00pm

Closing Time

6:30pm

  • award1
  • award2